• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Resolved Applying Content Security Policy (CSP)

learning_curve

learning_curve

Golden Pleskian
We have searched in this Plesk Onyx section for the correct way to apply this through nginx, but can't find any specific details. Outside of this forum, there's plenty of reference material and nearly all the nginx formats used / recommended out there provide this as a simple, starting point:
Code: 
add_header Content-Security-Policy "default-src 'self';”;
which we ammeded to this non-active version, so that we can see all the issues as they happen:
Code: 
add_header Content-Security-Policy-Report-Only "default-src 'self';”;
Using either of these however (after adding them via Plesk Panel / Domain / Apache & nginx settings always provides the same error:
Code: 
...unexpected end of file, expecting ";" or "}" in /var/www/vhosts/system/[TEST-DOMAIN]/conf/vhost_nginx.conf:15
nginx: configuration file /etc/nginx/nginx.conf test failed
It's clearly, a simple typo by us somewhere, but we've tried many different permuations and even a different approach, by creating a new additional .conf file here: /etc/nginx/conf.d but that also produces the same error, so we're stuck :confused: There's no detrimental affect on our server because the linked nginx test fails and reports everyting before we re-start nginx, which is nice.

We'd like to run this 'starting point' successfully before we experiment with the many additional suffix instructions as CSP is now at level 2 (Content Security Policy CSP Reference & Examples ). If anyone can see what we can't see or, suggest a different Plesk focused format, that would be great and well received.
 
Hahahahahaha Yes, we've looked at plenty of trees, but the missing wood mystery continues...:)
The original ending
;";
Click to expand...
is exactly as you'll see it on all external references - a litttle odd but we followed it

If we now try
Code: 
add_header Content-Security-Policy-Report-Only "default-src 'self'";"
which we think you meant in your post, or even
Code: 
add_header Content-Security-Policy-Report-Only "default-src 'self';";"
it's still the same error... We did try quite a lot of permutations previously but we cannot find one that will run without an error... :eek:
 
Hi learning_curve,

naaaa.... :rolleyes:

Code: 
add_header Content-Security-Policy-Report-Only "default-src 'self'";

Just to clarify:

if you OPEN with " , you have to close with " and if you open with ' , you have to close with ' and the ENDING of each directive is always a ; . I tried to highlight the ; with my quotes, but this doesn't mean, that you should use it! :p ( I wonder from wich source you are taking suggestions. ^^ )
 
:) Yes, totally familiar with and agree with those logic statements.
That's why this was/is puzzling!
Please have a look at these two example images:
CPS Reference Guide: Dropbox - CPS Reference Guide.png
Sitepoint: Dropbox - Sitepoint.png
There's more but all are the same (so far...) with links if needed
They appear to contradict the logic above slightly and despite closing with a
;
Click to expand...
they produce the errors shown above, which is why we were temporily stuck and asked the question :(
CPS.png
 
Last edited:
The example you have added above works perfectly thank you. It's how we thought it should be, but didn't because of the reasons (guidance) in our last post above

So we'll stick to Plesk Forum guidance and that will be better ;)
 
You must log in or register to reply here.

Similar threads

B
Question nginx only / add_header values are added to all files, even images
Replies
1
Views
940
Peter Debik
P
J
Issue newline character in nginx headers should not be accepted
Replies
0
Views
1K
johnrdorazio
J
K
Issue Dovecot backup/sync to second server fails - Error: auth-master: userdb lookup
Replies
0
Views
2K
kassi
K
Z
Question How to set Contents Security Policy
Replies
0
Views
4K
Zoo3
Z
S
Resolved Plesk penetration test security
Replies
9
Views
4K
Seba
S
Back
Top