19 lines
657 B
Markdown
19 lines
657 B
Markdown
---
|
|
title: "Secure Gitea Using Nginx"
|
|
author: "Vrifox"
|
|
date: 2020-09-18T13:48:31+02:00
|
|
featured_image:
|
|
categories:
|
|
tags:
|
|
|
|
draft: true
|
|
type: "post"
|
|
---
|
|
|
|
Gitea uses inline-scrips and -styles and sets non-secure cookies. It took me a while to figure out how to make both a non-issue.
|
|
|
|
To overcome the inline-issue and be able to set a secure [CSP](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) I discovered that you could allow specific scripts and styles as follows:
|
|
|
|
`add_header Content-Security-Policy "script-src 'self' 'sha256-woGzIu9yHD+ty6q2UlGmvvXbicNUyNzO4LJkj0U6B40=';";`
|
|
|
|
To get the value I used the console in chromium (Ctrl+Shift+I).
|