Folks, I have a little issue here:
I have a domain and a sub-domain, here you can see how I have it in the Nginx part
server {
large_client_header_buffers 1 1K;
listen 80;
server_name www.just4bettors.mobi just4bettors.mobi;
root /home/c0pt/capilleira/capilleiraclickandgamblemobile/www;
location / {
index index.html index.htm;
...
}
add_header Content-Security-Policy
"default-src 'self' http://just4bettors.mobi:1337;
connect-src http://just4bettors.mobi
http://just4bettors.mobi:1337
http://www.just4bettors.mobi
http://www.just4bettors.mobi:1337";
}
and this is the part for the sub-domain:
server {
listen 80;
server_name www.desktop.just4bettors.mobi desktop.just4bettors.mobi;
root /home/c0pt/capilleira/capilleiraclickandgambleweb/dist;
location / {
index index.html index.htm;
...
}
add_header Content-Security-Policy add_header
"default-src 'self' http://www.just4bettors.mobi;
connect-src http://just4bettors.mobi
http://just4bettors.mobi:1337
http://www.just4bettors.mobi
http://www.just4bettors.mobi:1337
http://www.desktop.just4bettors.mobi:1337
http://www.desktop.just4bettors.mobi";
}
this part of the errors I am getting in the console
Refused to connect to 'http://www.desktop.just4bettors.mobi/views/accFiguresModal.html' because it violates the following Content Security Policy directive: "connect-src http://just4bettors.mobi http://just4bettors.mobi:1337 http://
the error messages actually comes only when I try to connect to www.desktop.just4bettors.mobi but if I put www.just4bettors.mobi everything works properly, so the issue I have seems to be in the sub-domain part, and MY GUESS here is that I doing something wrong in the Content-Security-Policy, so, what are your suggestions ?