From 926842d949d41ce66b97d532b711ceb5061d998f Mon Sep 17 00:00:00 2001
From: wiz <j@wiz.biz>
Date: Sat, 4 Jul 2020 18:00:41 +0900
Subject: [PATCH] Fix HTTP content-security-policy header typo

---
 production/nginx.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/production/nginx.conf b/production/nginx.conf
index edbb0fdad..141e43622 100644
--- a/production/nginx.conf
+++ b/production/nginx.conf
@@ -148,12 +148,12 @@ http {
 		if ($http_referer ~ ^https://mempool.space/)
 		{
 			set $frameOptions "ALLOW-FROM https://mempool.space";
-			set $contentSecurityPolicy "ALLOW-FROM https://mempool.space";
+			set $contentSecurityPolicy "frame-ancestors https://mempool.space";
 		}
 		if ($http_referer ~ ^https://wiz.biz/)
 		{
 			set $frameOptions "ALLOW-FROM https://wiz.biz";
-			set $contentSecurityPolicy "ALLOW-FROM https://wiz.biz";
+			set $contentSecurityPolicy "frame-ancestors https://wiz.biz";
 		}
 
 		add_header X-Frame-Options $frameOptions;