From 4cab22d5f4d0bf1b31a261d26df67ce0e3846a33 Mon Sep 17 00:00:00 2001
From: zino
Date: Mon, 27 Nov 2023 17:46:33 +0100
Subject: [PATCH] modified
---
 volumes/conf.d/code.zinomedia.de.conf | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/volumes/conf.d/code.zinomedia.de.conf b/volumes/conf.d/code.zinomedia.de.conf
index 1fc63f4..de320b1 100644
--- a/volumes/conf.d/code.zinomedia.de.conf
+++ b/volumes/conf.d/code.zinomedia.de.conf
@@ -14,24 +14,23 @@ server {
 ssl_session_timeout 10m; ssl_prefer_server_ciphers on; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:;" always; + location / { resolver 127.0.0.11; set $upstream "code-server:8443"; proxy_pass http://$upstream; - proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header Upgrade $http_upgrade; proxy_set_header Accept-Encoding gzip; proxy_set_header Connection upgrade; - proxy_set_header Accept-Encoding gzip; proxy_headers_hash_max_size 512; proxy_headers_hash_bucket_size 128; proxy_read_timeout 3600; - add_header Content-Security-Policy "default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';" always; } - } server {
@@ -39,4 +38,4 @@ server {
 listen [::]:80;
 server_name code.zinomedia.de;
 return 301 https://$host$request_uri;
-}
\ No newline at end of file
+}
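Review bot: The new server-level Content-Security-Policy still allows `'unsafe-inline'` and `'unsafe-eval'` in `script-src`, so it does little against injected script, and it sets none of the directives that do not fall back to `default-src`. Consider appending `frame-ancestors 'self'; base-uri 'self'; object-src 'none';` and adding a comment that says why the two `unsafe-*` keywords are needed by the proxied application. Both `add_header` lines now reach `location /` only through inheritance, which nginx drops as soon as any `add_header` is placed in that location again, so a comment such as `# no add_header inside location blocks: it would drop HSTS and CSP` above them would help. The first hunk also appears to remove `proxy_http_version 1.1;` while keeping the `Upgrade`/`Connection` headers; nginx proxies with HTTP/1.0 by default, so if that line is really gone WebSocket upgrades to the upstream will likely fail and it should be restored. The `server` block starts above the hunk, so directives outside it were not checked.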