Update hsts.conf

Signed-off-by: Zoey <[email protected]>

Author: Zoey2936

rootfs/usr/local/nginx/conf/conf.d/include/hsts.conf

@@ -2,6 +2,6 @@ more_set_headers "X-XSS-Protection: 0";
 more_set_headers "X-Frame-Options: SAMEORIGIN";
 more_set_headers "X-Content-Type-Options: nosniff";
 more_set_headers "Referrer-Policy: strict-origin-when-cross-origin";
-more_set_headers "Content-Security-Policy: $content_security_policy";
+more_set_headers "Content-Security-Policy: $content_security_policy"; # if not set by upstream: upgrade-insecure-requests, else upstreams value is used
 
 more_set_headers "Strict-Transport-Security: $hsts_header"; # means: max-age=63072000; includeSubDomains; preload