http context:
map $request_uri $csp_header { default "default-src 'self' ; script-src 'self' ; style-src 'self' 'unsafe-inline' ; img-src * 'self' data: ; font-src 'self' ; media-src * 'self' ; form-action 'self'"; "~^/special" "default-src 'self' ; script-src 'self' 'unsafe-inline' ; style-src 'self' 'unsafe-inline' ; img-src * 'self' data: ; font-src 'self' ; media-src * 'self' ; form-action 'self'"; }server context:
add_header Content-Security-Policy $csp_header;
map $uri $csp_header {
default "default-src 'self'";
~^/api/ "default-src 'none'";
}
