website/content/blog/_draft/secure-gitea-using-nginx.md

---
title: "Secure Gitea Using Nginx"
author: "Vrifox"
date: 2020-09-18T13:48:31+02:00
featured_image: 
categories:
tags: 

draft: true
type: "post"
---

Gitea uses inline-scrips and -styles and sets non-secure cookies. It took me a while to figure out how to make both a non-issue.

To overcome the inline-issue and be able to set a secure [CSP](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) I discovered that you could allow specific scripts and styles as follows:

`add_header Content-Security-Policy   "script-src 'self' 'sha256-woGzIu9yHD+ty6q2UlGmvvXbicNUyNzO4LJkj0U6B40=';";`

To get the value I used the console in chromium (Ctrl+Shift+I).
add content and modify gitignore I decided to read the content for simplicity and data safety on my site. It's a website, so the content is out there anyway. 2022-01-24 20:12:23 +01:00			`---`
			`title: "Secure Gitea Using Nginx"`
			`author: "Vrifox"`
			`date: 2020-09-18T13:48:31+02:00`
			`featured_image:`
			`categories:`
			`tags:`

			`draft: true`
			`type: "post"`
			`---`

			`Gitea uses inline-scrips and -styles and sets non-secure cookies. It took me a while to figure out how to make both a non-issue.`

			`To overcome the inline-issue and be able to set a secure [CSP](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) I discovered that you could allow specific scripts and styles as follows:`

			`add_header Content-Security-Policy "script-src 'self' 'sha256-woGzIu9yHD+ty6q2UlGmvvXbicNUyNzO4LJkj0U6B40=';";`

			`To get the value I used the console in chromium (Ctrl+Shift+I).`