From 8ee94906022b6de7871ff91472b3346f9b253886 Mon Sep 17 00:00:00 2001
From: lapineige
Date: Mon, 29 May 2023 15:20:50 +0200
Subject: [PATCH] Fix media CSP + harden its security

https://github.com/YunoHost-Apps/akkoma_ynh/issues/35#issuecomment-1566672649
---
 conf/nginx.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/conf/nginx.conf b/conf/nginx.conf
index 8b4f555..4cfbe81 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -36,6 +36,6 @@ location / {
 include conf.d/yunohost_panel.conf.inc;
 }

-location ~ ^/media {
- more_set_headers "Content-Security-Policy : script-src 'sandbox';";
+location ~ ^/(proxy|media) {
+ more_set_headers "default-src 'none'; upgrade-insecure-requests; sandbox;";
 }
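Review bot: The added `more_set_headers` line in the `^/(proxy|media)` location has lost its header name: the string now begins at `default-src 'none'` with no `Content-Security-Policy:` in front of it. headers-more expects `Name: value`, and as far as its documentation describes, a string without a value is treated as a header to clear, so this location most likely sends no CSP of its own and the intended sandboxing of uploaded and proxied media does not take effect. The line should read `more_set_headers "Content-Security-Policy: default-src 'none'; upgrade-insecure-requests; sandbox;";`, and it is worth confirming after reload that a response for a media URL actually carries the header. Separately, `^/(proxy|media)` matches any path that merely starts with those words; `^/(proxy|media)/` would confine the policy to the two intended prefixes.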