How to set a conditional Content-Security-Policy?
hal469 at xsmail.com
hal469 at xsmail.com
Tue Mar 27 17:56:45 UTC 2018
> There are "if" constructs in nginx, see http://nginx.org/r/if.
Well I'll be darned. I'd thought "if was evil". Thx.
> On the other hand, if you want to set CSP depending on the client
> IP address, it might be better idea to use "geo" instead, e.g.:
>
> geo $csp {
> default "default-src 'self'; script-src 'self';";
> 10.0.0.0/8 "default-src 'self'; script-src 'self' 'unsafe-inline'";
> }
>
> add_header Content-Security-Policy $csp;
Works perfectly! Thx!
More information about the nginx
mailing list