Hi,
I’m trying to make my NGINX server more secure, but this also works on Apache2.
What are the best settings for the Content Security Policy (CSP) header for Seafile?
I have been “labbing” some now, and if you get this wrong the site does not work as intended, so I’m wondering if someone has been using this before and has some guidelines?
I have it like that in my Apache conf, because there are some links from the Seafile website itself within the application (download link for the client; I found this link in the HTML source code: http://seafile.com/en/about/), and I think I would break things if I did not do it like this. I have opened another topic where I was asking about a more fine-grained CSP, but nobody could help me out until now.
The only variable part in the policy is this pattern: “https://[domain].[tld]”