add content and modify gitignore
I decided to read the content for simplicity and data safety on my site. It's a website, so the content is out there anyway.
This commit is contained in:
parent
92696d28bb
commit
084cda3e07
GPG key ID:
D40098E5B60B2197
63 changed files with 882 additions and 12 deletions
19
content/blog/_draft/secure-gitea-using-nginx.md
Executable file
19
content/blog/_draft/secure-gitea-using-nginx.md
Executable file
|
|
@ -0,0 +1,19 @@
|
|||
---
|
||||
title: "Secure Gitea Using Nginx"
|
||||
author: "Vrifox"
|
||||
date: 2020-09-18T13:48:31+02:00
|
||||
featured_image:
|
||||
categories:
|
||||
tags:
|
||||
|
||||
draft: true
|
||||
type: "post"
|
||||
---
|
||||
|
||||
Gitea uses inline-scrips and -styles and sets non-secure cookies. It took me a while to figure out how to make both a non-issue.
|
||||
|
||||
To overcome the inline-issue and be able to set a secure [CSP](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) I discovered that you could allow specific scripts and styles as follows:
|
||||
|
||||
`add_header Content-Security-Policy "script-src 'self' 'sha256-woGzIu9yHD+ty6q2UlGmvvXbicNUyNzO4LJkj0U6B40=';";`
|
||||
|
||||
To get the value I used the console in chromium (Ctrl+Shift+I).
|
||||
Loading…
Add table
Add a link
Reference in a new issue