openresty to nginx+modsec #27
@ -1,16 +1,3 @@
|
|||||||
<!-- Google Analytics -->
|
|
||||||
<script type="text/javascript">
|
|
||||||
var _gaq = _gaq || [];
|
|
||||||
_gaq.push(['_setAccount', 'UA-18148792-3']);
|
|
||||||
_gaq.push(['_trackPageview']);
|
|
||||||
|
|
||||||
(function() {
|
|
||||||
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
|
|
||||||
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
|
|
||||||
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
|
|
||||||
})();
|
|
||||||
|
|
||||||
</script>
|
|
||||||
<!-- Replace Gitea icon with AniNIX -->
|
<!-- Replace Gitea icon with AniNIX -->
|
||||||
<script type="text/javascript">
|
<script type="text/javascript">
|
||||||
document.getElementById('navbar').children[0].children[0].children[0].src="/assets/img/AniNIX.png";
|
document.getElementById('navbar').children[0].children[0].children[0].src="/assets/img/AniNIX.png";
|
||||||
@ -20,5 +7,3 @@ _gaq.push(['_trackPageview']);
|
|||||||
document.getElementById("pwdchange").setAttribute("target","_blank");
|
document.getElementById("pwdchange").setAttribute("target","_blank");
|
||||||
document.getElementById("chat").setAttribute("target","_blank");
|
document.getElementById("chat").setAttribute("target","_blank");
|
||||||
</script>
|
</script>
|
||||||
|
|
||||||
|
|
||||||
|
@ -1 +1,3 @@
|
|||||||
add_header "Content-Security-Policy" "default-src data: 'self' aninix.net foundation.aninix.net; script-src foundation.aninix.net www.gstatic.com www.google.com js.stripe.com unsafe-inline ssl.google-analytics.com 'self' aninix.net foundation.aninix.net data: 'unsafe-inline' 'unsafe-eval'; style-src foundation.aninix.net 'self' aninix.net foundation.aninix.net 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com; img-src foundation.aninix.net 'self' aninix.net foundation.aninix.net upload.wikimedia.org commons.wikimedia.org creativecommons.org www.w3.org stripe.com ssl.google-analytics.com; font-src fonts.gstatic.com data: 'self' aninix.net foundation.aninix.net; connect-src ssl.google-analytics.com js.stripe.com mb3admin.com 'self' aninix.net foundation.aninix.net; media-src blob: 'self' aninix.net foundation.aninix.net ; child-src blob: 'self' js.stripe.com aninix.net foundation.aninix.net www.google.com; form-action 'self' aninix.net foundation.aninix.net; upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self';";
|
add_header "Content-Security-Policy" "default-src data: 'self' aninix.net foundation.aninix.net; script-src foundation.aninix.net 'self' aninix.net data: 'unsafe-inline' 'unsafe-eval'; style-src foundation.aninix.net 'self' aninix.net foundation.aninix.net 'unsafe-inline'; img-src foundation.aninix.net 'self' aninix.net; font-src data: 'self' aninix.net foundation.aninix.net; connect-src mb3admin.com 'self' aninix.net foundation.aninix.net; media-src blob: 'self' aninix.net foundation.aninix.net ; child-src blob: 'self' aninix.net foundation.aninix.net; form-action 'self' aninix.net foundation.aninix.net; upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; default-src 'none'; ";
|
||||||
|
# Gitea requires unsafe-inline style sources for label colors
|
||||||
|
# TT-RSS requires unsafe-inline/unsafe-eval for its javascript dojo.js integrations.
|
||||||
|
Loading…
Reference in New Issue
Block a user