杜郎俊赏

建站之 CSP

Content Security Policy,简称 CSP,定义页面可以加载哪些资源,增强安全性。

我的配置如下

add_header Strict-Transport-Security "max-age=31536000";add_header X-Frame-Options deny;add_header X-Content-Type-Options nosniff;add_header X-XSS-Protection '1; mode=block';add_header Content-Security-Policy "default-src https: 'self'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.dujun.io; style-src https: 'self' 'unsafe-inline' https://cdn.dujun.io; img-src https: 'self' data: https://cdn.dujun.io; object-src https: 'self' 'unsafe-inline' https://cdn.dujun.io; child-src https: 'self'";

标签:建站
日期:2017-05-04