website/content/blog/_draft/secure-gitea-using-nginx.md
2022-04-10 13:07:40 +02:00

657 B

title author date featured_image categories tags draft type
Secure Gitea Using Nginx Vrifox 2020-09-18T13:48:31+02:00 true post

Gitea uses inline-scrips and -styles and sets non-secure cookies. It took me a while to figure out how to make both a non-issue.

To overcome the inline-issue and be able to set a secure CSP I discovered that you could allow specific scripts and styles as follows:

add_header Content-Security-Policy "script-src 'self' 'sha256-woGzIu9yHD+ty6q2UlGmvvXbicNUyNzO4LJkj0U6B40=';";

To get the value I used the console in chromium (Ctrl+Shift+I).