diff --git a/nginx-prod.conf b/nginx-prod.conf index 6b30d92..f1702dd 100644 --- a/nginx-prod.conf +++ b/nginx-prod.conf @@ -54,7 +54,7 @@ http { set $cspNonce $request_id; set $csp_reports https://europe-west1-digdir-cloud-functions.cloudfunctions.net/cloud-logging-csp-staging; - set $csp_policy_fdk_portal "default-src 'self'; script-src 'self' https://siteimproveanalytics.com https://sparql.fellesdatakatalog.digdir.no 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://altinncdn.no https://fonts.googleapis.com 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' https://fellesdatakatalog.digdir.no https://*.fellesdatakatalog.digdir.no https://europe-west1-digdir-cloud-functions.cloudfunctions.net https://prefix.cc https://rdf.kartverket.no; font-src 'self' https://altinncdn.no https://fonts.gstatic.com; frame-src 'self' https://sso.fellesdatakatalog.digdir.no https://www.youtube.com; frame-ancestors 'none'; img-src 'self' https://datalandsbyen.norge.no https://orglogo.difi.no https://6255470.global.siteimproveanalytics.io; manifest-src 'self'; media-src 'self'; worker-src 'none'; report-uri ${csp_reports};"; + set $csp_policy_fdk_portal "default-src 'self'; script-src 'self' https://siteimproveanalytics.com https://sparql.fellesdatakatalog.digdir.no 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://altinncdn.no https://fonts.googleapis.com 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' https://fellesdatakatalog.digdir.no https://*.fellesdatakatalog.digdir.no https://europe-west1-digdir-cloud-functions.cloudfunctions.net https://prefix.cc https://rdf.kartverket.no https://datalandsbyen.norge.no https://sparql.staging.fellesdatakatalog.digdir.no; font-src 'self' https://altinncdn.no https://fonts.gstatic.com; frame-src 'self' https://sso.fellesdatakatalog.digdir.no https://www.youtube.com; frame-ancestors 'none'; img-src 'self' https://datalandsbyen.norge.no https://orglogo.difi.no https://6255470.global.siteimproveanalytics.io; manifest-src 'self'; media-src 'self'; worker-src 'none'; report-uri ${csp_reports};"; set $csp_policy_static_rdf "base-uri 'self'; default-src 'self'; script-src 'self' cdnjs.cloudflare.com code.jquery.com; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com; frame-ancestors 'none'; report-uri ${csp_reports};"; set $csp_policy_validator "base-uri 'self'; default-src 'self'; connect-src 'self' https://*.fellesdatakatalog.digdir.no; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com https://res-1.cdn.office.net; frame-ancestors 'none'; report-uri ${csp_reports};"; set $csp_policy_frontpage "default-src 'self'; script-src 'self' 'nonce-$cspNonce' 'strict-dynamic' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' blob: data: https://cache.kartverket.no https://6255470.global.siteimproveanalytics.io; font-src 'self'; connect-src 'self' https://aisearch.api.fellesdatakatalog.digdir.no; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; upgrade-insecure-requests;";