Document complete CSP header
theory committed Aug 15, 2024
1 parent d1ca833 commit c24bde5
Showing 1 changed file with 5 additions and 5 deletions.
10 changes: 5 additions & 5 deletions README.md
Expand Up @@ -232,17 +232,17 @@ Here's how to run PGXN::Manager behind a reverse proxy server:

* If the proxy service includes a [content security
policy](https://content-security-policy.com) header (a.k.a. CSP), it will
need the following `script-src` to allow inline JavaScript in `<script>`
elements to function:
need the following configuration to allow any images, local JavaScript,
and specific inline JavaScript in `<script>` elements to function:

```
script-src 'sha256-C3v/abgU7GuNO8EfzYDFmryoploCskBljphPWnpJ0po=' 'sha256-QELwtyyu4lxId+yoW1ljK+y138CYTwHC227Tc8LvVgQ=' 'sha256-q0V4Ot8L8YlUzZm2BytfHTK0KQLzCyqZrdSpnyAci3E=' 'sha256-RXOpCJp6UcKxmxWS3RRnMIv2fHaWnBuOwWmfvAHGnHo=' 'sha256-n9f9UVAruXN1NnhRiCfpqgcPxLngJaTutVulqcDjmr8=' 'sha256-yqqMPK8onoDpDcwg2+lqdbbOlOg8LH8MuO7NHEgua2c='
Content-Security-Policy: default-src 'self'; img-src *; script-src 'self' 'sha256-C3v/abgU7GuNO8EfzYDFmryoploCskBljphPWnpJ0po=' 'sha256-QELwtyyu4lxId+yoW1ljK+y138CYTwHC227Tc8LvVgQ=' 'sha256-q0V4Ot8L8YlUzZm2BytfHTK0KQLzCyqZrdSpnyAci3E=' 'sha256-RXOpCJp6UcKxmxWS3RRnMIv2fHaWnBuOwWmfvAHGnHo=' 'sha256-n9f9UVAruXN1NnhRiCfpqgcPxLngJaTutVulqcDjmr8=' 'sha256-yqqMPK8onoDpDcwg2+lqdbbOlOg8LH8MuO7NHEgua2c='
```
These values were created by the following shell script:
This header was created by the following shell script:
``` sh
printf 'script-src '
printf "Content-Security-Policy: default-src 'self'; img-src *; script-src 'self' "
for js in "PGXN.validate_form('#reqform')" \
"PGXN.validate_form('#accform')" \
"PGXN.validate_form('#passform')" \
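Review bot: The new sentence above the header says the configuration allows "any images, local JavaScript, and specific inline JavaScript", but the header it documents also sets `default-src 'self'`, which restricts every other fetch type (styles, fonts, XHR/fetch targets, frames) to the same origin. Say so in the prose, since an operator merging this into a proxy's existing policy needs to know the whole effect, not only the script and image parts. `img-src *` also deserves a word of justification or narrowing: it permits images from any host, yet `*` does not match `data:` or `blob:` URLs, so "any images" overstates it. Finally, the header prefix now lives in two places, the fenced example and the `printf` in the generator script; consider stating that the example is the script's verbatim output so both are regenerated together whenever one of the inline scripts changes.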

0 comments on commit c24bde5
