TimGurney
3/15/2016 - 10:11 PM

Content Security Policies for Common WebApps

Gitlab (community Edition)

Header always set Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:;"

Munin

Header always set Content-Security-Policy "default-src 'self';"

Nagios

Header always set Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; img-src 'self' assets.nagios.com/images/; connect-src 'self' www.nagios.org; frame-src 'self' www.youtube.com/embed/;"

Owncloud

Header always set Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval';"

Puppet Dashboard

Header always set Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline';"

ShellInABox

Header always set Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval';"
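An audit helper for the policies listed above, added here as an example and not part of the original post: it parses each header value and reports which fetch directives effectively allow 'unsafe-inline' or 'unsafe-eval', applying the default-src fallback for directives a policy leaves out (so Munin's single directive governs scripts, styles and images alike). The policy strings are copied from the page; the function names are my own.

```python
# Constructed input: the six header values as listed on this page.
POLICIES = {
    "Gitlab": "default-src 'self'; style-src 'self' 'unsafe-inline'; "
              "script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:;",
    "Munin": "default-src 'self';",
    "Nagios": "default-src 'self'; style-src 'self' 'unsafe-inline'; "
              "script-src 'self' 'unsafe-inline'; img-src 'self' assets.nagios.com/images/; "
              "connect-src 'self' www.nagios.org; frame-src 'self' www.youtube.com/embed/;",
    "Owncloud": "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval';",
    "Puppet Dashboard": "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline';",
    "ShellInABox": "default-src 'self'; style-src 'self' 'unsafe-inline'; "
                   "script-src 'self' 'unsafe-inline' 'unsafe-eval';",
}

# Fetch directives used on this page; each falls back to default-src when absent.
FETCH_DIRECTIVES = ("script-src", "style-src", "img-src", "connect-src", "frame-src")
WEAK_KEYWORDS = {"'unsafe-inline'", "'unsafe-eval'"}

def parse_csp(policy: str) -> dict:
    """Split a serialized policy into {directive name: [source expressions]}.
    Per the CSP spec only the first occurrence of a directive counts."""
    directives = {}
    for token in policy.split(";"):
        parts = token.split()
        if parts:
            directives.setdefault(parts[0].lower(), parts[1:])
    return directives

def effective_sources(directives: dict, name: str) -> list:
    """Source list that actually governs `name`, applying the default-src fallback."""
    return directives.get(name, directives.get("default-src", []))

def weaknesses(policy: str) -> dict:
    """Map each fetch directive to the weak keywords it effectively allows."""
    directives = parse_csp(policy)
    found = {}
    for name in FETCH_DIRECTIVES:
        weak = sorted(WEAK_KEYWORDS.intersection(effective_sources(directives, name)))
        if weak:
            found[name] = weak
    return found

def audit(policies: dict = POLICIES) -> dict:
    """Audit every policy; apps with no weak keyword map to an empty dict."""
    return {app: weaknesses(value) for app, value in policies.items()}

if __name__ == "__main__":
    for app, report in audit().items():
        print(f"{app}: {report or 'no unsafe keywords'}")
```

Only Munin comes out clean; every other policy relaxes script-src or style-src, which is the directive to tighten first (nonces or hashes instead of 'unsafe-inline') when the application allows it.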