From d359cef13ed286e359348ae4950929c58ad0e1bd Mon Sep 17 00:00:00 2001 From: KiekerJan Date: Mon, 18 Apr 2022 21:58:53 +0200 Subject: [PATCH] CSP header disrupts roundcube --- management/web_update.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/management/web_update.py b/management/web_update.py index a22f8ed4..69b1343a 100644 --- a/management/web_update.py +++ b/management/web_update.py @@ -217,7 +217,7 @@ def make_domain_config(domain, templates, ssl_certificates, env): nginx_conf_extra += "\tadd_header X-Frame-Options \"SAMEORIGIN\" always;\n" nginx_conf_extra += "\tadd_header X-Content-Type-Options nosniff;\n" - nginx_conf_extra += "\tadd_header Content-Security-Policy \"default-src 'self'; font-src *;img-src * data:; script-src *; style-src *;frame-ancestors 'self'\";\n" + nginx_conf_extra += "\tadd_header Content-Security-Policy-Report-Only \"default-src 'self'; font-src *;img-src * data:; script-src *; style-src *;frame-ancestors 'self'\";\n" nginx_conf_extra += "\tadd_header Referrer-Policy \"strict-origin\";\n" # Add in any user customizations in the includes/ folder.