Vri
084cda3e07
I decided to read the content for simplicity and data safety on my site. It's a website, so the content is out there anyway.
657 B
Executable file
657 B
Executable file
| title | author | date | featured_image | categories | tags | draft | type |
|---|---|---|---|---|---|---|---|
| Secure Gitea Using Nginx | Vrifox | 2020-09-18T13:48:31+02:00 | true | post |
Gitea uses inline-scrips and -styles and sets non-secure cookies. It took me a while to figure out how to make both a non-issue.
To overcome the inline-issue and be able to set a secure CSP I discovered that you could allow specific scripts and styles as follows:
add_header Content-Security-Policy "script-src 'self' 'sha256-woGzIu9yHD+ty6q2UlGmvvXbicNUyNzO4LJkj0U6B40=';";
To get the value I used the console in chromium (Ctrl+Shift+I).