
renew CSP headers, make them more restrictive
paskal committed Jan 8, 2024
1 parent 5779b64 commit 2e11bb1
Showing 1 changed file with 2 additions and 2 deletions.
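--- a/config/nginx/security_headers.conf
+++ b/config/nginx/security_headers.conf
@@ -16,5 +16,5 @@ add_header Strict-Transport-Security 'max-age=31536000; includeSubdomains; prelo
 # for the sake of better benchmark score
 add_header Referrer-Policy same-origin;
 
-# CSP header
-add_header Content-Security-Policy "default-src 'none'; connect-src 'self' https://api.clickfraud.dev https://mc.yandex.com https://mc.yandex.ru https://*.google.com https://*.google.ru https://stats.g.doubleclick.net https://*.clickfraud.ru https://analytics.bitrix.info https://fs-group.bitrix24.ru; font-src 'self' data: https://fonts.bitrix24.ru https://static.cdn-favor-group.ru https://dev.cdn-favor-group.ru; frame-src 'self' https://mc.yandex.ru https://yandex.ru https://www.google.com; img-src 'self' data: https://*.yandex.com https://*.yandex.ru https://*.yandex.net https://*.yandex.com https://www.googletagmanager.com https://*.google.ru https://static.cdn-favor-group.ru https://dev.cdn-favor-group.ru https://counter.yadro.ru; script-src 'self' https://static.cdn-favor-group.ru https://dev.cdn-favor-group.ru https://widgets.mango-office.ru/ https://dct.mango-office.ru https://www.googletagmanager.com https://cdn-ru.bitrix24.ru/ https://*.clickfraud.ru https://www.google.com https://*.yandex.ru https://*.yandex.net https://*.yandex.com https://fs-group.bitrix24.ru https://cdn.jsdelivr.net https://www.gstatic.com https://cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://static.cdn-favor-group.ru https://dev.cdn-favor-group.ru https://fonts.bitrix24.ru https://fs-group.bitrix24.ru https://fonts.googleapis.com; manifest-src 'self'; report-uri https://o4506532003840000.ingest.sentry.io/api/4506532009738240/security/?sentry_key=ef58566724eba7c9be0cf1a7fa561953; report-to {\"group\":\"default\",\"max_age\":10886400,\"endpoints\":[{\"url\":\"https://o4506532003840000.ingest.sentry.io/api/4506532009738240/security/?sentry_key=ef58566724eba7c9be0cf1a7fa561953\"}],\"include_subdomains\":true}" always;
+# CSP header, built with https://addons.mozilla.org/en/firefox/addon/laboratory-by-mozilla/
+add_header Content-Security-Policy "default-src 'self'; connect-src 'self' https://*.clickfraud.ru https://*.google.com https://*.google.ru https://analytics.bitrix.info https://api.clickfraud.dev https://fs-group.bitrix24.ru https://mc.yandex.com/ https://mc.yandex.md/ https://mc.yandex.ru/ https://stats.g.doubleclick.net; font-src 'self' data: https://fonts.bitrix24.ru https://yastatic.net https://dev.cdn-favor-group.ru https://static.cdn-favor-group.ru; frame-src 'self' https://yandex.ru https://mc.yandex.ru https://www.google.com; img-src 'self' data: blob: https://*.google.ru https://www.googletagmanager.com https://*.yandex.com https://*.yandex.com https://*.yandex.net https://*.yandex.ru https://counter.yadro.ru https://dev.cdn-favor-group.ru https://static.cdn-favor-group.ru; script-src 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.bitrix24.ru/css https://fs-group.bitrix24.ru/bitrix/js/crm/site/form/dist/ https://dev.cdn-favor-group.ru https://static.cdn-favor-group.ru; manifest-src 'self'; media-src 'none'; object-src 'none'; child-src https://www.google.com https://yandex.ru; worker-src 'none'; frame-ancestors 'self'; form-action 'self'; base-uri 'none'; script-src-attr 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.clickfraud.ru https://cdn-ru.bitrix24.ru https://cdn.jsdelivr.net/npm/ https://cdnjs.cloudflare.com/ajax/libs/ https://core-renderer-tiles.maps.yandex.net https://dct.mango-office.ru https://enterprise.api-maps.yandex.ru/ https://fs-group.bitrix24.ru/bitrix/js/crm/site/form/dist/ https://mc.yandex.ru/metrika/tag.js https://widgets.mango-office.ru/widgets/ https://www.google.com/recaptcha/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.gstatic.com/recaptcha/ https://dev.cdn-favor-group.ru https://static.cdn-favor-group.ru; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://fonts.bitrix24.ru/css https://fs-group.bitrix24.ru/bitrix/js/crm/site/form/dist/ https://dev.cdn-favor-group.ru https://static.cdn-favor-group.ru; report-uri https://o4506532003840000.ingest.sentry.io/api/4506532009738240/security/?sentry_key=ef58566724eba7c9be0cf1a7fa561953; report-to {\"group\":\"default\",\"max_age\":10886400,\"endpoints\":[{\"url\":\"https://o4506532003840000.ingest.sentry.io/api/4506532009738240/security/?sentry_key=ef58566724eba7c9be0cf1a7fa561953\"}],\"include_subdomains\":true}" always;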
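Review bot: The `report-to` directive at the end of the new add_header line is given a JSON object, but in CSP `report-to` takes only a group name that refers to a separate `Report-To` (or `Reporting-Endpoints`) response header, so browsers should discard the directive and only the deprecated `report-uri` will deliver violation reports to Sentry. Move the JSON into its own header, `add_header Report-To '{"group":"default","max_age":10886400,"endpoints":[{"url":"https://o4506532003840000.ingest.sentry.io/api/4506532009738240/security/?sentry_key=ef58566724eba7c9be0cf1a7fa561953"}],"include_subdomains":true}' always;`, and end the policy with `report-to default;`. Separately, the policy still carries `'unsafe-inline'` in both script-src-elem and script-src-attr together with `'unsafe-eval'`, so despite the commit title it gives essentially no protection against injected inline script; nonce- or hash-based sources (nginx can emit `$request_id` as a per-response nonce) would be the next real tightening. Also note that `script-src 'unsafe-eval'` now lists neither `'self'` nor any host, so a browser without script-src-elem support falls back to script-src and would presumably block every script on the site; keeping `'self'` and the host list on script-src as well avoids that.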
