nginx: Add CORS headers to /user_uploads.

Fixes: #12980.

Signed-off-by: Anders Kaseorg <anders@zulipchat.com>
This commit is contained in:
Anders Kaseorg 2019-08-11 18:08:22 -07:00 committed by Tim Abbott
parent 73330f3136
commit 263d71bf2b
1 changed files with 1 additions and 0 deletions

View File

@ -1,5 +1,6 @@
location /serve_uploads { location /serve_uploads {
internal; internal;
include /etc/nginx/zulip-include/api_headers;
add_header X-Content-Type-Options nosniff; add_header X-Content-Type-Options nosniff;
add_header Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self'; object-src 'self'; plugin-types application/pdf;"; add_header Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self'; object-src 'self'; plugin-types application/pdf;";
include /etc/nginx/zulip-include/uploads.types; include /etc/nginx/zulip-include/uploads.types;