From 06a596b17e52d73d504324ca56bbf95e015bcf2b Mon Sep 17 00:00:00 2001
From: Joe Herman <8235320+joe-herman@users.noreply.github.com>
Date: Fri, 27 Sep 2024 15:18:52 -0400
Subject: [PATCH] chore: add CSP header
---
 nginx.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/nginx.conf b/nginx.conf
index 152e5c330..451122937 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -45,6 +45,6 @@ http {
 add_header "X-Frame-Options" "DENY" always;
 add_header "X-Content-Type-Options" "nosniff";
 add_header "X-Permitted-Cross-Domain-Policies" "master-only";
+ add_header "Content-Security-Policy" "default-src 'self'; connect-src 'self' https://*.aptible.com https://*.aptible-sandbox.com https://*.aptible-staging.com; frame-ancestors 'none'; base-uri 'self'; form-action 'self' https://*.aptible.com https://*.aptible-sandbox.com https://*.aptible-staging.com;";
 }
 }
-
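Review bot: The added `Content-Security-Policy` directive has no `always` parameter, so nginx attaches it only to its default set of success and redirect statuses and 4xx/5xx responses go out without the policy. The `X-Frame-Options` line above it already uses `always`, and the new line should close the same way, i.e. end in `https://*.aptible-staging.com;" always;`. The `http` block starts outside this hunk, and `add_header` is inherited only by levels that declare no `add_header` of their own, so confirm that no `server` or `location` block elsewhere in the file sets headers, or the policy is dropped there. The `https://*.` wildcards in `connect-src` and `form-action` trust every subdomain of the three domains; if the set of API and auth hosts is known, listing them explicitly would narrow where requests and form posts can go.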