remove unused rule obj-src

paskal · Jan 7, 2024 · 5779b64 · 5779b64
1 parent d3badfa
commit 5779b64
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/config/nginx/security_headers.conf b/config/nginx/security_headers.conf
@@ -17,4 +17,4 @@ add_header Strict-Transport-Security 'max-age=31536000; includeSubdomains; prelo
 add_header Referrer-Policy same-origin;
 
 # CSP header
-add_header Content-Security-Policy "default-src 'none'; connect-src 'self' https://api.clickfraud.dev https://mc.yandex.com https://mc.yandex.ru https://*.google.com https://*.google.ru https://stats.g.doubleclick.net https://*.clickfraud.ru https://analytics.bitrix.info https://fs-group.bitrix24.ru; font-src 'self' data: https://fonts.bitrix24.ru https://static.cdn-favor-group.ru https://dev.cdn-favor-group.ru; frame-src 'self' https://mc.yandex.ru https://yandex.ru https://www.google.com; img-src 'self' data: https://*.yandex.com https://*.yandex.ru https://*.yandex.net https://*.yandex.com https://www.googletagmanager.com https://*.google.ru https://static.cdn-favor-group.ru https://dev.cdn-favor-group.ru https://counter.yadro.ru; script-src 'self' https://static.cdn-favor-group.ru https://dev.cdn-favor-group.ru https://widgets.mango-office.ru/ https://dct.mango-office.ru https://www.googletagmanager.com https://cdn-ru.bitrix24.ru/ https://*.clickfraud.ru https://www.google.com https://*.yandex.ru https://*.yandex.net https://*.yandex.com https://fs-group.bitrix24.ru https://cdn.jsdelivr.net https://www.gstatic.com https://cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval'; object-src 'none'; style-src 'self' 'unsafe-inline' https://static.cdn-favor-group.ru https://dev.cdn-favor-group.ru https://fonts.bitrix24.ru https://fs-group.bitrix24.ru https://fonts.googleapis.com; manifest-src 'self'; report-uri https://o4506532003840000.ingest.sentry.io/api/4506532009738240/security/?sentry_key=ef58566724eba7c9be0cf1a7fa561953; report-to {\"group\":\"default\",\"max_age\":10886400,\"endpoints\":[{\"url\":\"https://o4506532003840000.ingest.sentry.io/api/4506532009738240/security/?sentry_key=ef58566724eba7c9be0cf1a7fa561953\"}],\"include_subdomains\":true}" always;
+add_header Content-Security-Policy "default-src 'none'; connect-src 'self' https://api.clickfraud.dev https://mc.yandex.com https://mc.yandex.ru https://*.google.com https://*.google.ru https://stats.g.doubleclick.net https://*.clickfraud.ru https://analytics.bitrix.info https://fs-group.bitrix24.ru; font-src 'self' data: https://fonts.bitrix24.ru https://static.cdn-favor-group.ru https://dev.cdn-favor-group.ru; frame-src 'self' https://mc.yandex.ru https://yandex.ru https://www.google.com; img-src 'self' data: https://*.yandex.com https://*.yandex.ru https://*.yandex.net https://*.yandex.com https://www.googletagmanager.com https://*.google.ru https://static.cdn-favor-group.ru https://dev.cdn-favor-group.ru https://counter.yadro.ru; script-src 'self' https://static.cdn-favor-group.ru https://dev.cdn-favor-group.ru https://widgets.mango-office.ru/ https://dct.mango-office.ru https://www.googletagmanager.com https://cdn-ru.bitrix24.ru/ https://*.clickfraud.ru https://www.google.com https://*.yandex.ru https://*.yandex.net https://*.yandex.com https://fs-group.bitrix24.ru https://cdn.jsdelivr.net https://www.gstatic.com https://cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://static.cdn-favor-group.ru https://dev.cdn-favor-group.ru https://fonts.bitrix24.ru https://fs-group.bitrix24.ru https://fonts.googleapis.com; manifest-src 'self'; report-uri https://o4506532003840000.ingest.sentry.io/api/4506532009738240/security/?sentry_key=ef58566724eba7c9be0cf1a7fa561953; report-to {\"group\":\"default\",\"max_age\":10886400,\"endpoints\":[{\"url\":\"https://o4506532003840000.ingest.sentry.io/api/4506532009738240/security/?sentry_key=ef58566724eba7c9be0cf1a7fa561953\"}],\"include_subdomains\":true}" always;