Re: Content Security Policy Headers are not appearing

November 29, 2022 10:35PM
Well, I noticed this particularly for the https vhost config. The CSP headers are properly displayed for http but not https.

Here is my config

more /etc/nginx/conf.d/sec-headers.conf

add_header Content-Security-Policy "default-src 'self'; font-src *;img-src * data:; script-src *; style-src *;" always;



server {
include /etc/nginx/apploxconf.d/applox-bots-declare.conf;
include /etc/nginx/conf.d/sec-headers.conf;
listen 80;
.
..
.

And here is https

server {
include /etc/nginx/apploxconf.d/applox-bots-declare.conf;
include /etc/nginx/conf.d/sec-headers.conf;
listen 443 ssl http2;


However https properly gets reflected but not with https.

curl -I http://www.xxxx.xxx
HTTP/1.1 301 Moved Permanently
Date: Wed, 30 Nov 2022 03:20:23 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://www.xxxx.xxxx
Server: applox-waf
Content-Security-Policy: default-src 'self'; font-src *;img-src * data:; script-src *; style-src *;


HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 03:33:47 GMT
Content-Type: text/html
Content-Length: 37579
Connection: keep-alive
Cache-Control: private
Set-Cookie: ASPSESSIONIDSGSTSTQQ=KOMPLPOCKOFKKCOELBNALAKE; secure; path=/
Server: applox-waf
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
X-Frame-Options: SAMEORIGIN
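
Added example, not part of the original post: nginx documents that `add_header` directives are inherited from the previous configuration level only if no `add_header` is defined at the current level, and the post does not show whether that is the cause here. The sketch below flags blocks whose own `add_header` lines drop headers set at an outer level; the sample config is constructed, its `location` blocks are hypothetical, and includes are assumed to be expanded inline.

```python
import re

# Constructed sample: an https server block like the one in the post with the
# include expanded inline, plus a hypothetical location that sets its own headers.
SAMPLE = """
server {
    listen 443 ssl http2;
    add_header Content-Security-Policy "default-src 'self'; font-src *;img-src * data:; script-src *; style-src *;" always;
    location / {
        add_header X-Frame-Options SAMEORIGIN;
        add_header X-Content-Type-Options nosniff;
    }
    location /static/ { expires 1h; }
}
"""

# Quoted strings (which may contain ';'), structural characters, comments, bare words.
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|\'(?:\\.|[^\'\\])*\'|[{};]|#[^\n]*|[^\s{};"\']+')

def parse(tokens, label="main"):
    """Consume a shared token iterator up to the matching '}' and build a block tree."""
    block = {"label": label, "headers": [], "children": []}
    words = []
    for tok in tokens:
        if tok.startswith("#"):
            continue                       # comment
        if tok == ";":                     # end of a simple directive
            if len(words) >= 2 and words[0] == "add_header":
                block["headers"].append(words[1].strip("\"'"))
            words = []
        elif tok == "{":                   # words so far name the nested block
            block["children"].append(parse(tokens, " ".join(words)))
            words = []
        elif tok == "}":
            break
        else:
            words.append(tok)
    return block

def shadowed(block, inherited=frozenset()):
    """Return [(block label, lost header names)] for blocks that drop inherited headers."""
    own = {h.lower() for h in block["headers"]}
    lost = inherited - own
    findings = [(block["label"], sorted(lost))] if own and lost else []
    for child in block["children"]:
        findings += shadowed(child, own or inherited)
    return findings

def check(config_text):
    return shadowed(parse(iter(TOKEN.findall(config_text))))

if __name__ == "__main__":
    for label, lost in check(SAMPLE):
        print(f"{label}: own add_header drops inherited {', '.join(lost)}")
```

Repeating the `include` of the shared header file inside a flagged block restores the dropped headers there.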
Subject Author Posted

Content Security Policy Headers are not appearing

blason November 29, 2022 09:32PM

Re: Content Security Policy Headers are not appearing

blason November 29, 2022 10:35PM

Re: Content Security Policy Headers are not appearing

Maxim Dounin November 29, 2022 10:58PM

Re: Content Security Policy Headers are not appearing

blason November 30, 2022 11:00AM


