From 0f9f94d2ce1c1510e5e4471447ba3f8f780f7612 Mon Sep 17 00:00:00 2001
From: Tommy <contact@tommytran.io>
Date: Tue, 15 Aug 2023 17:09:44 -0700
Subject: [PATCH] Add upgrade-insecure-requests;

---
 .../linux/Slightly Improving Mailcow Security.md     |  2 +-
 static/_headers                                      | 12 ++++++------
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/content/posts/linux/Slightly Improving Mailcow Security.md b/content/posts/linux/Slightly Improving Mailcow Security.md
index 446774e..b66acc0 100644
--- a/content/posts/linux/Slightly Improving Mailcow Security.md	
+++ b/content/posts/linux/Slightly Improving Mailcow Security.md	
@@ -81,7 +81,7 @@ add_header Content-Security-Policy "default-src 'none'; connect-src 'self' https
 #### If you do not use Gravatar with SOGo
 
 ```
-add_header Content-Security-Policy "default-src 'none'; connect-src 'self' https://api.github.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none'";
+add_header Content-Security-Policy "default-src 'none'; connect-src 'self' https://api.github.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'none'";
 ```
 
 ### Cross-Origin Resource, Opener, and Embedder Policies
diff --git a/static/_headers b/static/_headers
index 05e6de3..d7a0180 100644
--- a/static/_headers
+++ b/static/_headers
@@ -1,6 +1,6 @@
 /*
   Strict-Transport-Security : max-age=63072000; includeSubDomains; preload
-  Content-Security-Policy : default-src 'none'; connect-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; form-action 'none'; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none'
+  Content-Security-Policy : default-src 'none'; connect-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; form-action 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'none'
   X-Content-Type-Options : nosniff
   Referrer-Policy : no-referrer
   X-Frame-Options : DENY
@@ -12,27 +12,27 @@
 
 /posts/knowledge/multi-factor-authentication/
   ! Content-Security-Policy
-  Content-Security-Policy : default-src 'none'; connect-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; frame-src https://www.youtube-nocookie.com https://www.google.com; form-action 'none'; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none'
+  Content-Security-Policy : default-src 'none'; connect-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; frame-src https://www.youtube-nocookie.com https://www.google.com; form-action 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'none'
   Cross-Origin-Embedder-Policy : unsafe-none
 
 /posts/android/android-tips/
   ! Content-Security-Policy
-  Content-Security-Policy : default-src 'none'; connect-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; frame-src https://www.youtube-nocookie.com https://www.google.com; form-action 'none'; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none'
+  Content-Security-Policy : default-src 'none'; connect-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; frame-src https://www.youtube-nocookie.com https://www.google.com; form-action 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'none'
   Cross-Origin-Embedder-Policy : unsafe-none
 
 /posts/android/choosing-your-android-based-operating-system/
   ! Content-Security-Policy
-  Content-Security-Policy : default-src 'none'; connect-src 'self'; img-src 'self' https://i.ytimg.com; script-src 'self'; style-src 'self'; frame-src https://www.youtube-nocookie.com https://www.google.com; form-action 'none'; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none'
+  Content-Security-Policy : default-src 'none'; connect-src 'self'; img-src 'self' https://i.ytimg.com; script-src 'self'; style-src 'self'; frame-src https://www.youtube-nocookie.com https://www.google.com; form-action 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'none'
   Cross-Origin-Embedder-Policy : unsafe-none
 
 /posts/linux/choosing-your-desktop-linux-distribution/
   ! Content-Security-Policy
-  Content-Security-Policy : default-src 'none'; connect-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; frame-src https://www.youtube-nocookie.com https://www.google.com; form-action 'none'; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none'
+  Content-Security-Policy : default-src 'none'; connect-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; frame-src https://www.youtube-nocookie.com https://www.google.com; form-action 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'none'
   Cross-Origin-Embedder-Policy : unsafe-none
 
 /posts/linux/desktop-linux-hardening/
   ! Content-Security-Policy
-  Content-Security-Policy : default-src 'none'; connect-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; frame-src https://www.youtube-nocookie.com https://www.google.com; form-action 'none'; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none'
+  Content-Security-Policy : default-src 'none'; connect-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; frame-src https://www.youtube-nocookie.com https://www.google.com; form-action 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'none'
   Cross-Origin-Embedder-Policy : unsafe-none
 
 /*.xml