diff --git a/conf/conf.d/default.conf b/conf/conf.d/default.conf
index 0b06b0073..fe21d3e3c 100644
--- a/conf/conf.d/default.conf
+++ b/conf/conf.d/default.conf
@@ -12,7 +12,6 @@ server {
 server_tokens off;
 listen 8080;
 expires $expires;
- add_header Content-Security-Policy "default-src 'self' accounts.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' apis.google.com *.google-analytics.com www.gstatic.com accounts.google.com; connect-src 'self' *.firecloud.org *.broadinstitute.org *.googleapis.com *.google-analytics.com profile-dot-broad-shibboleth-prod.appspot.com broadinstitute.zendesk.com; img-src 'self' data: *.google-analytics.com; style-src 'self' 'unsafe-inline' www.gstatic.com; base-uri 'self'; form-action 'self'; font-src 'self' fonts.gstatic.com; frame-ancestors 'self';";
 error_page 400 401 403 404 /;
 location / {
 root /usr/share/nginx/html;
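Review bot: After this hunk the `server` block listening on 8080 no longer sets any Content-Security-Policy, so the `frame-ancestors 'self'`, `base-uri 'self'` and `form-action 'self'` restrictions disappear together with the script and connect allowlists. Only this file is visible here, so the policy may now be emitted elsewhere (by the application, a `<meta>` tag or a proxy in front of nginx); that should be confirmed, keeping in mind that `frame-ancestors` is ignored when the policy is delivered through `<meta>`. If nothing else sets it, I would keep at least `add_header Content-Security-Policy "frame-ancestors 'self'; base-uri 'self'; form-action 'self';";` in this block and leave a comment saying where the full policy lives. The `server` and `location /` blocks continue outside the hunk.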