Update CSP for Jekyll test

textpattern · Jul 15, 2020 · 6807cdb · 6807cdb · petecooper · Jul 15, 2020
1 parent 850f42e
commit 6807cdb
Showing 1 changed file with 11 additions and 7 deletions.
diff --git a/servers/files/trident.textpattern.com/etc/nginx/sites-available/jekyll.textpattern.com.conf b/servers/files/trident.textpattern.com/etc/nginx/sites-available/jekyll.textpattern.com.conf
@@ -45,9 +45,9 @@ server {#http(/1), #https(/2), PHP FastCGI (optional)
     set $csp_7fcbbcec '${csp_7fcbbcec}connect-src \'self\';';
     set $csp_7fcbbcec '${csp_7fcbbcec}default-src \'none\';';
     set $csp_7fcbbcec '${csp_7fcbbcec}font-src https://*.textpattern.com \'self\';';
-    set $csp_7fcbbcec '${csp_7fcbbcec}frame-ancestors \'self\';';
-    set $csp_7fcbbcec '${csp_7fcbbcec}frame-src \'none\';';
-    set $csp_7fcbbcec '${csp_7fcbbcec}img-src https://*.textpattern.com \'self\';';
+    set $csp_7fcbbcec '${csp_7fcbbcec}form-action \'self\';';
+    set $csp_7fcbbcec '${csp_7fcbbcec}frame-ancestors \'none\';';
+    set $csp_7fcbbcec '${csp_7fcbbcec}img-src https://textpattern.com data: \'self\';';
     set $csp_7fcbbcec '${csp_7fcbbcec}manifest-src \'self\';';
     set $csp_7fcbbcec '${csp_7fcbbcec}media-src \'self\';';
     set $csp_7fcbbcec '${csp_7fcbbcec}object-src \'none\';';
@@ -56,6 +56,10 @@ server {#http(/1), #https(/2), PHP FastCGI (optional)
     add_header Content-Security-Policy $csp_7fcbbcec;
     #nested variable for Feature Policy maintainability
     set $fp_7fcbbcec '';
+    set $fp_7fcbbcec '${fp_7fcbbcec}accelerometer \'none\';';
+    set $fp_7fcbbcec '${fp_7fcbbcec}ambient-light-sensor \'none\';';
+    set $fp_7fcbbcec '${fp_7fcbbcec}autoplay \'none\';';
+    set $fp_7fcbbcec '${fp_7fcbbcec}battery \'none\';';
     set $fp_7fcbbcec '${fp_7fcbbcec}camera \'none\';';
     set $fp_7fcbbcec '${fp_7fcbbcec}fullscreen \'self\';';
     set $fp_7fcbbcec '${fp_7fcbbcec}geolocation \'none\';';
@@ -65,15 +69,15 @@ server {#http(/1), #https(/2), PHP FastCGI (optional)
     set $fp_7fcbbcec '${fp_7fcbbcec}midi \'none\';';
     set $fp_7fcbbcec '${fp_7fcbbcec}notifications \'self\';';
     set $fp_7fcbbcec '${fp_7fcbbcec}payment \'none\';';
-    set $fp_7fcbbcec '${fp_7fcbbcec}push \'self\';';
+    set $fp_7fcbbcec '${fp_7fcbbcec}picture-in-picture \'none\';';
     set $fp_7fcbbcec '${fp_7fcbbcec}speaker \'none\';';
     set $fp_7fcbbcec '${fp_7fcbbcec}sync-xhr \'self\';';
-    set $fp_7fcbbcec '${fp_7fcbbcec}vibrate \'none\''; #no trailing semicolon
+    set $fp_7fcbbcec '${fp_7fcbbcec}usb \'none\''; #no trailing semicolon
     add_header Feature-Policy $fp_7fcbbcec;
     add_header Referrer-Policy strict-origin;
     add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
     add_header X-Content-Type-Options nosniff;
-    add_header X-Frame-Options SAMEORIGIN;
+    add_header X-Frame-Options DENY;
     add_header X-XSS-Protection "1; mode=block";
     error_log /var/log/nginx/jekyll.textpattern.com/jekyll.textpattern.com.error.log warn;
     index index.html index.php;
@@ -111,7 +115,7 @@ server {#http(/1), #https(/2), PHP FastCGI (optional)
         add_header Referrer-Policy strict-origin;
         add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
         add_header X-Content-Type-Options nosniff;
-        add_header X-Frame-Options SAMEORIGIN;
+        add_header X-Frame-Options DENY;
         add_header X-XSS-Protection "1; mode=block";
     }
     location / {