On Wednesday 18 February 2015 17:57:13 Daniël Mostertman wrote:
[..]
> What am I doing wrong, if anything? And if I can avoid using "if" like
> that, I'd obviously prefer that.
>
You can avoid it by using the map directive and a variable
as the add_header value.
Like this:
map $http_user_agent $csp {
~MSIE "";
default "
default-src 'self' https://*.example.nl https://*.example.net;
connect-src 'self' https://*.example.nl https://*.example.net;
font-src 'self' data: https://*.example.nl https://*.example.net;
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.example.nl
https://*.example.net;
style-src 'self' 'unsafe-inline';
img-src 'self' data: https://*.example.nl https://*.example.net;
frame-src 'self';
object-src 'self' 'unsafe-inline';
";
}
add_header Content-Security-Policy $csp;
--
wbr, Valentin V. Bartenev
_______________________________________________
nginx mailing list
[email protected]
http://mailman.nginx.org/mailman/listinfo/nginx
