Use consistent wording in CSP docs

Signed-off-by: David Mehren <git@herrmehren.de>
2024-11-22 01:36:29 -05:00 · 2021-08-06 13:37:59 +02:00 · 2021-08-06 13:37:59 +02:00 · 2ac89d3334
commit 2ac89d3334
parent 832f3522b3
1 changed files with 2 additions and 2 deletions
--- a/docs/content/configuration.md
+++ b/docs/content/configuration.md
@ -91,8 +91,8 @@ these are rarely used for various reasons.
 | `csp.addGoogleAnalytics`      | `CMD_CSP_ADD_GOOGLE_ANALYTICS` | **`false`** or `true`                                                                     | Enable to allow users to add Google Analytics to their notes. We don't recommend enabling this option, as it increases the attack surface of XSS attacks.                 |
 | `csp.upgradeInsecureRequests` |                                | **`auto`** or `true` or `false`                                                           | By default (`auto`), insecure (HTTP) requests are upgraded to HTTPS via CSP if `useSSL` is on. To change this behaviour, set to either `true` or `false`.                 |
 | `csp.reportUri`               | `CMD_CSP_REPORTURI`            | **`undefined`**, `https://<someid>.report-uri.com/r/d/csp/enforce`                        | Allows to add a URL for CSP reports in case of violations.                                                                                                                |
-| `csp.allowFraming`            | `CMD_CSP_ALLOW_FRAMING`        | **`true`** or `false`                                                                     | Disable to disallow framing of the instance. For increased security, we strongly recommend disabling this option, if you don't need to embed your notes in other pages.   |
-| `csp.allowPDFEmbed`           | `CMD_CSP_ALLOW_PDF_EMBED`      | **`true`** or `false`                                                                     | Disable to disallow embedding PDFs. For increased security, we recommend disabling this option.                                                                           |
+| `csp.allowFraming`            | `CMD_CSP_ALLOW_FRAMING`        | **`true`** or `false`                                                                     | Disable to disallow framing of the instance. We **strongly recommend disabling** this option, as it increases the attack surface of XSS attacks.                          |
+| `csp.allowPDFEmbed`           | `CMD_CSP_ALLOW_PDF_EMBED`      | **`true`** or `false`                                                                     | Disable to disallow embedding PDFs. We recommend disabling this option, as it increases the attack surface of XSS attacks.                                                |
 | `cookiePolicy`                | `CMD_COOKIE_POLICY`            | **`lax`**, `strict` or `none`                                                             | Set a SameSite policy whether cookies are send from cross-origin. Be careful: setting a SameSite value of none without https breaks the editor.                           | 

 ## Privacy and External Requests