'add_header' no longer allowed inside 'if', even though document says it is?
Valentin V. Bartenev
vbart at nginx.com
Wed Feb 18 17:12:25 UTC 2015
On Wednesday 18 February 2015 17:57:13 Daniël Mostertman wrote:
[..]
> What am I doing wrong, if anything? And if I can avoid using "if" like
> that, I'd obviously prefer that.
>
You can avoid it by using the map directive and a variable
as the add_header value.
Like this:
map $http_user_agent $csp {
~MSIE "";
default "
default-src 'self' https://*.example.nl https://*.example.net;
connect-src 'self' https://*.example.nl https://*.example.net;
font-src 'self' data: https://*.example.nl https://*.example.net;
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.example.nl https://*.example.net;
style-src 'self' 'unsafe-inline';
img-src 'self' data: https://*.example.nl https://*.example.net;
frame-src 'self';
object-src 'self' 'unsafe-inline';
";
}
add_header Content-Security-Policy $csp;
--
wbr, Valentin V. Bartenev
More information about the nginx
mailing list