From 8ee94906022b6de7871ff91472b3346f9b253886 Mon Sep 17 00:00:00 2001
From: lapineige
Date: Mon, 29 May 2023 15:20:50 +0200
Subject: [PATCH 1/3] Fix media CSP + harden its security https://github.com/YunoHost-Apps/akkoma_ynh/issues/35#issuecomment-1566672649
---
 conf/nginx.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/conf/nginx.conf b/conf/nginx.conf
index 8b4f555..4cfbe81 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -36,6 +36,6 @@ location / {
 include conf.d/yunohost_panel.conf.inc;
 }
-location ~ ^/media {
- more_set_headers "Content-Security-Policy : script-src 'sandbox';";
+location ~ ^/(proxy|media) {
+ more_set_headers "default-src 'none'; upgrade-insecure-requests; sandbox;";
 }
From aaf5552ea2fa1de9ebf95290e4c87613976e26a3 Mon Sep 17 00:00:00 2001
From: lapineige
Date: Mon, 29 May 2023 15:21:10 +0200
Subject: [PATCH 2/3] Update manifest.json
---
 manifest.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/manifest.json b/manifest.json
index b4a59ac..80a038a 100644
--- a/manifest.json
+++ b/manifest.json
@@ -6,7 +6,7 @@
 "en": "Federated social networking server built on ActivityPub open protocol",
 "fr": "Serveur de réseautage social fédéré basé sur le protocole ouvert ActivityPub"
 },
- "version": "3.9.3~ynh1",
+ "version": "3.9.3~ynh2",
 "url": "https://akkoma.social/",
 "upstream": {
 "license": "AGPL-3.0-only",
From 1992986a1fd12e70ff858a62901efcd74764e09a Mon Sep 17 00:00:00 2001
From: yunohost-bot
Date: Mon, 29 May 2023 13:21:14 +0000
Subject: [PATCH 3/3] Auto-update README
---
 README.md | 2 +-
 README_fr.md | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 5403cd4..d4060a1 100644
--- a/README.md
+++ b/README.md
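Review bot: The added `more_set_headers` line in the `location ~ ^/(proxy|media)` block no longer names a header: its string starts directly with `default-src 'none'; …`, while the removed line began with `Content-Security-Policy :`. headers-more expects a `Name: value` string, so as written this most likely sends no CSP at all on /media and /proxy, and the sandboxing of user-uploaded and proxied content that the commit is meant to strengthen would be lost rather than hardened. The line should read `more_set_headers "Content-Security-Policy: default-src 'none'; upgrade-insecure-requests; sandbox;";`, and it is worth confirming the response header on a media URL after deployment. Separately, `^/(proxy|media)` is unanchored on the right and also matches any path that merely starts with those words; `^/(proxy|media)/` would be tighter if only those two trees are intended (to be checked against the routes the app actually serves).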
@@ -19,7 +19,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in
 Akkoma is a microblogging server software that can federate (= exchange messages with) other servers that support ActivityPub. What that means is that you can host a server for yourself or your friends and stay in control of your online identity, but still exchange messages with people on larger decentrilized and federated network. Akkoma will federate with all servers that implement ActivityPub, like Friendica, GNU Social, Hubzilla, Mastodon, Misskey, Pleroma, Peertube, or Pixelfed.
-**Shipped version:** 3.9.3~ynh1
+**Shipped version:** 3.9.3~ynh2
 **Demo:** https://otp.akkoma.dev
diff --git a/README_fr.md b/README_fr.md
index 6c938d6..0dfd446 100644
--- a/README_fr.md
+++ b/README_fr.md
@@ -19,7 +19,7 @@ Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po
 Akkoma is a microblogging server software that can federate (= exchange messages with) other servers that support ActivityPub. What that means is that you can host a server for yourself or your friends and stay in control of your online identity, but still exchange messages with people on larger decentrilized and federated network. Akkoma will federate with all servers that implement ActivityPub, like Friendica, GNU Social, Hubzilla, Mastodon, Misskey, Pleroma, Peertube, or Pixelfed.
-**Version incluse :** 3.9.3~ynh1
+**Version incluse :** 3.9.3~ynh2
 **Démo :** https://otp.akkoma.dev