- updated nginx conf

raft-tech · Oct 11, 2023 · 3d9d70d · 3d9d70d
1 parent 3b7d24c
commit 3d9d70d
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 7 deletions.
diff --git a/tdrs-frontend/nginx/cloud.gov/buildpack.nginx.conf b/tdrs-frontend/nginx/cloud.gov/buildpack.nginx.conf
@@ -21,9 +21,9 @@ http {
     log_format compression '$remote_addr - $remote_user [$time_local] '
                             '"proxy_host and upstream_addr": $proxy_host $upstream_addr, '
                            ' "request": $request, '
-                           '"body_bytes_sent" : $body_bytes_sent, ' 
+                           '"body_bytes_sent" : $body_bytes_sent, '
                            '"request_body": $request_body, '
-                           '"http_x_forwarded_for": $http_x_forwarded_for, ' 
+                           '"http_x_forwarded_for": $http_x_forwarded_for, '
                             '"host": $host, '
                             ' "status": $status, '
                             '"proxy_add_x_forwarded_for": $proxy_add_x_forwarded_for, '
@@ -47,7 +47,7 @@ http {
         }
 
         client_max_body_size 100m;
-        
+
         # Block all requests except ones listed in whitelist; disabled for local
         # First have to correct the source IP address using real_ip_header, otherwise
         # the IP address will be the internal IP address of the router
@@ -63,7 +63,7 @@ http {
         set $CSP "default-src 'self';";
         set $CSP "${CSP}script-src 'self';";
         set $CSP "${CSP}script-src-elem 'self';";
-        set $CSP "${CSP}script-src-attr 'self';";
+        set $CSP "${CSP}script-src-attr 'self' 'unsafe-inline';";
         set $CSP "${CSP}img-src 'self' data:;";
         set $CSP "${CSP}font-src 'self';";
         set $CSP "${CSP}connect-src 'self' ${CONNECT_SRC};";

diff --git a/tdrs-frontend/nginx/local/default.conf.template b/tdrs-frontend/nginx/local/default.conf.template
@@ -82,7 +82,7 @@ http {
         set $CSP "${CSP}prefetch-src 'none';";
         set $CSP "${CSP}form-action *;";
         set $CSP "${CSP}script-src-elem 'self' http://localhost:* http://www.w3.org;";
-        set $CSP "${CSP}script-src-attr 'self';";
+        set $CSP "${CSP}script-src-attr 'self' 'unsafe-inline';";
         set $CSP "${CSP}style-src-elem 'self' 'unsafe-inline';";
         set $CSP "${CSP}style-src-attr 'self';";
         set $CSP "${CSP}worker-src 'none';";
@@ -104,7 +104,7 @@ http {
 
     access_log /dev/stdout compression;
     #access_log stderr compression;
-    
+
     # Content caching
     # saves cached fies in /tmp
     # cache zone name = tdp_cache
@@ -126,7 +126,7 @@ http {
             set $CSP "default-src 'self';";
             set $CSP "${CSP}script-src 'self';";
             set $CSP "${CSP}script-src-elem 'self';";
-            set $CSP "${CSP}script-src-attr 'self';";
+            set $CSP "${CSP}script-src-attr 'self' 'unsafe-inline';";
             set $CSP "${CSP}img-src 'self' data:;";
             set $CSP "${CSP}font-src 'self';";
             set $CSP "${CSP}manifest-src 'self';";