When I load a page from OpenBSD served with relayd and httpd with
Content-Security-Policy set to default-src self, I can see that a basic
HTML page that normally renders with all of the text in the center is
now rendered on the left.
I have this currently configured with http://mostlybsd.com not loading
the header and https://mostlybsd.com loading the header.
I have also served the same HTML file in an Ubuntu server with nginx and
with the header enabled the page still renders in the center.
Is there something I am missing?
I have configured relayd with the following:
log state changes
log connection
prefork 10
list="ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"
ipv4="45.32.193.189"
table <www> { 127.0.0.1 }
http protocol "https" {
tls ciphers $list
tls keypair mostlybsd.com
return error
match request header set "X-Forwarded-For" value "$REOTE_ADDR"
match request header set "X-Forwarded-Port" value "$REMOTE_PORT"
match response header set "Content-Security-Policy" value \
"default-src 'self'"
match response header set "Referrer-Policy" value "no-referrer"
match response header set "Strict-Transport-Security" value \
"max-age=15552000; includeSubDomains; preload"
match response header set "X-Content-Type-Options" value "nosniff"
match response header set "X-Frame-Options" value "SAMEORIGIN"
match response header set "X-XSS-Protection" value "1; mode=block"
match method GET tag ok
match method HEAD tag ok
block
pass tagged ok forward to <www>
}
relay "https" {
listen on $ipv4 port https tls
protocol "https"
forward to <www> port 8080
}
relay "http" {
listen on $ipv4 port http
forward to <www> port 8080
}
Thank you,
Paul