Skip to content

Commit c3aae75

Browse files
borsbors
committed
Auto merge of #2480 - Folyd:master, r=jtgeibel
Add Access-Control-Allow-Origin: * header to allow CORS Fixes #2191
2 parents de20f73 + 6a49937 commit c3aae75

File tree

1 file changed

+2
-0
lines changed

1 file changed

+2
-0
lines changed

config/nginx.conf.erb

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -156,7 +156,9 @@ http {
156156
add_header X-Content-Type-Options "nosniff";
157157
add_header X-Frame-Options "SAMEORIGIN";
158158
add_header X-XSS-Protection "1; mode=block";
159+
159160
add_header Content-Security-Policy "default-src 'self'; connect-src 'self' https://docs.rs https://<%= s3_host(ENV) %>; script-src 'self' 'unsafe-eval' https://www.google.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://www.google.com https://ajax.googleapis.com https://fonts.googleapis.com; font-src: https://fonts.gstatic.com; img-src *; object-src 'none'";
161+
add_header Access-Control-Allow-Origin "*";
160162

161163
add_header Strict-Transport-Security "max-age=31536000" always;
162164
add_header Vary 'Accept, Accept-Encoding, Cookie';

0 commit comments

Comments
 (0)