| Index: modules/web/templates/adblockplus.org.conf.erb |
| =================================================================== |
| --- a/modules/web/templates/adblockplus.org.conf.erb |
| +++ b/modules/web/templates/adblockplus.org.conf.erb |
| @@ -1,12 +1,12 @@ |
| # XSS and clickjacking prevention headers |
| set $csp_frame ""; |
| -if ($uri ~ ^/(:?\w\w(_\w\w)?/)?(?:index|firefox|chrome|opera|android|internet-explorer|safari|yandex-browser|maxthon)?$) |
| +if ($uri ~ ^/(:?\w\w(_\w\w)?/)?(?:index|firefox|chrome|opera|android|internet-explorer|safari|yandex-browser|maxthon)?$|^/blog/) |
| { |
| set $csp_frame "; frame-src www.youtube-nocookie.com;"; |
| } |
| add_header Content-Security-Policy "default-src 'self'; img-src * data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' $csp_frame"; |
| add_header X-Frame-Options "sameorigin"; |
| # User agent sniffing |
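Review bot: The rewritten `if` line still opens its first group with `(:?`, which is a capturing group matching an optional literal colon, not the non-capturing `(?:` used by the second group. Since this regex decides which paths get the relaxed `frame-src`, it is worth correcting while the line is being touched, so the prefix reads `^/(?:\w\w(_\w\w)?/)?`. The new `^/blog/` alternative has no end anchor, so every URL under /blog/ now allows frames from www.youtube-nocookie.com. If that is intended, a comment above the `if` such as `# landing pages and blog posts may embed www.youtube-nocookie.com videos` would record why. The two `add_header` lines are unchanged context, but without the `always` parameter (on nginx versions that support it) the CSP and X-Frame-Options headers are not sent on most error responses.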