From 94780521a610c210cf0fd7677e0f4a6c05a090ba Mon Sep 17 00:00:00 2001
From: Fred Boniface <fred@fjla.uk>
Date: Fri, 3 Feb 2023 21:11:41 +0000
Subject: [PATCH] Frontend: Add CSP header

Signed-off-by: Fred Boniface <fred@fjla.uk>
---
 static/conf/nginx.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/static/conf/nginx.conf b/static/conf/nginx.conf
index f5eafbe..c00ff3d 100644
--- a/static/conf/nginx.conf
+++ b/static/conf/nginx.conf
@@ -27,6 +27,8 @@ http {
         server_name localhost;
         proxy_cache owl_cache;
 
+        add_header Content-Security-Policy "default-src 'self'";
+
         location / {
             root /site-static/;
             index index.html;
@@ -42,8 +44,6 @@ http {
             proxy_cache_key $scheme://$host$uri$is_args$query_string;
             proxy_ignore_headers Cache-Control;
             proxy_cache_valid 200 2m;  # Evaluate whether 2m or 1m is more appropriate
-            gzip on;
-            brotli on;
             expires 2m;
             add_header Cache-Control "private, no-transform";
         }