> There are "if" constructs in nginx, see http://nginx.org/r/if.
Well I'll be darned. I'd thought "if was evil". Thx.
> On the other hand, if you want to set CSP depending on the client
> IP address, it might be better idea to use "geo" instead, e.g.:
>
> geo $csp {
> default "default
For my nginx server, I set a CSP header
set $CSP '';
set $CSP "${CSP}default-src 'self';";
set $CSP "${CSP}script-src 'self';";
add_header Content-Security-Policy $CSP;
For a webapp, using Symfony, the developer UI injects inline script for display
of a "Debug Toolbar"
It's access-blocked
