From 815fd032cd57525ecb52c39339c2440e19d58276 Mon Sep 17 00:00:00 2001 From: Thomas <51749973+Thovi98@users.noreply.github.com> Date: Sat, 3 Jun 2023 11:02:04 +0200 Subject: [PATCH 1/8] 1.3.0 (#223) * first test upgrade to 1.3.0 * Auto-update README * fix * fix * fix * fix * fix * add test from 1.2.10 * fix funkwhale-manage collectstatic * fix path --------- Co-authored-by: yunohost-bot --- README.md | 2 +- README_fr.md | 2 +- conf/funkwhale-beat.service | 2 +- conf/funkwhale-server.service | 2 +- conf/funkwhale-worker.service | 2 +- manifest.toml | 14 +++++++------- scripts/change_url | 4 ++-- scripts/install | 18 +++++++----------- scripts/upgrade | 22 ++++++++++------------ tests.toml | 3 ++- 10 files changed, 33 insertions(+), 38 deletions(-) diff --git a/README.md b/README.md index 1c0266d..b954f11 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in Funkwhale is a community-driven project that lets you listen and share music and audio within a decentralized, open network. -**Shipped version:** 1.2.10~ynh3 +**Shipped version:** 1.3.0~ynh1 **Demo:** https://demo.funkwhale.audio diff --git a/README_fr.md b/README_fr.md index 2c5360c..d00752c 100644 --- a/README_fr.md +++ b/README_fr.md @@ -18,7 +18,7 @@ Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po Funkwhale est un projet communautaire qui vous permet d'écouter et de partager de la musique et de l'audio au sein d'un réseau ouvert et décentralisé. -**Version incluse :** 1.2.10~ynh3 +**Version incluse :** 1.3.0~ynh1 **Démo :** https://demo.funkwhale.audio diff --git a/conf/funkwhale-beat.service b/conf/funkwhale-beat.service index 7747cb1..2eddd2b 100644 --- a/conf/funkwhale-beat.service +++ b/conf/funkwhale-beat.service 
@@ -8,7 +8,7 @@ User=__APP__ Group=__APP__ WorkingDirectory=__INSTALL_DIR__/api EnvironmentFile=__INSTALL_DIR__/config/.env -ExecStart=__INSTALL_DIR__/virtualenv/bin/celery -A funkwhale_api.taskapp beat -l INFO +ExecStart=__INSTALL_DIR__/venv/bin/celery -A funkwhale_api.taskapp beat -l INFO # Sandboxing options to harden security # Depending on specificities of your service/app, you may need to tweak these diff --git a/conf/funkwhale-server.service b/conf/funkwhale-server.service index ddb56af..e55b0bb 100644 --- a/conf/funkwhale-server.service +++ b/conf/funkwhale-server.service @@ -8,7 +8,7 @@ User=__APP__ Group=__APP__ WorkingDirectory=__INSTALL_DIR__/api EnvironmentFile=__INSTALL_DIR__/config/.env -ExecStart=__INSTALL_DIR__/virtualenv/bin/gunicorn config.asgi:application -w ${FUNKWHALE_WEB_WORKERS} -k uvicorn.workers.UvicornWorker -b ${FUNKWHALE_API_IP}:${FUNKWHALE_API_PORT} +ExecStart=__INSTALL_DIR__/venv/bin/gunicorn config.asgi:application -w ${FUNKWHALE_WEB_WORKERS} -k uvicorn.workers.UvicornWorker -b ${FUNKWHALE_API_IP}:${FUNKWHALE_API_PORT} # Denying access to capabilities that should not be relevant for webapps # Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html diff --git a/conf/funkwhale-worker.service b/conf/funkwhale-worker.service index b82e4e3..2a91c6e 100644 --- a/conf/funkwhale-worker.service +++ b/conf/funkwhale-worker.service @@ -8,7 +8,7 @@ User=__APP__ Group=__APP__ WorkingDirectory=__INSTALL_DIR__/api EnvironmentFile=__INSTALL_DIR__/config/.env -ExecStart=__INSTALL_DIR__/virtualenv/bin/celery -A funkwhale_api.taskapp worker -l INFO --concurrency=0 +ExecStart=__INSTALL_DIR__/venv/bin/celery -A funkwhale_api.taskapp worker -l INFO --concurrency=0 # Sandboxing options to harden security # Depending on specificities of your service/app, you may need to tweak these diff --git a/manifest.toml b/manifest.toml index 91afc73..266b031 100644 --- a/manifest.toml +++ b/manifest.toml 
@@ -5,7 +5,7 @@ name = "Funkwhale" description.en = "Convivial and modern music server" description.fr = "Serveur de musique moderne et convivial" -version = "1.2.10~ynh3" +version = "1.3.0~ynh1" maintainers = ["Ciarán Ainsworth"] @@ -19,7 +19,7 @@ code = "https://dev.funkwhale.audio/funkwhale/funkwhale" fund = "https://next.funkwhale.audio/donate/" [integration] -yunohost = ">= 11.1.15" +yunohost = ">= 11.1.19" architectures = "all" multi_instance = true ldap = false @@ -45,15 +45,15 @@ ram.runtime = "50M" [resources] [resources.sources] [resources.sources.api] - url = "https://dev.funkwhale.audio/funkwhale/funkwhale/-/jobs/artifacts/1.2.10/download?job=build_api" - sha256 = "c0a840f223b4a3a93ffb2639e1bacb709d8ec9ed62214b377971aad5c04ae815" + url = "https://dev.funkwhale.audio/funkwhale/funkwhale/-/jobs/artifacts/1.3.0/download?job=build_api" + sha256 = "57323ce6641183bd33fcf3aa243b0b7aba667509da8c5c3446b73def40109650" in_subdir = true extract = true format = "zip" [resources.sources.front] - url = "https://dev.funkwhale.audio/funkwhale/funkwhale/builds/artifacts/1.2.10/download?job=build_front" - sha256 = "c8845317d1cc6aae7f46d1e69e22fa378c45b563e1ad1edd57d3db08af6f7a44" + url = "https://dev.funkwhale.audio/funkwhale/funkwhale/builds/artifacts/1.3.0/download?job=build_front" + sha256 = "8e17543cd688572f7e48c9c416ef33c065c7c6ac01b5ae85939632030a530bf0" in_subdir = true extract = true format = "zip" 
@@ -71,7 +71,7 @@ ram.runtime = "50M" main.url = "/" [resources.apt] - packages = "postgresql curl python3-pip python3-venv git unzip libldap2-dev libsasl2-dev gettext-base zlib1g-dev libffi-dev libssl-dev build-essential ffmpeg libjpeg-dev libmagic-dev libpq-dev python3-dev make zlib1g-dev libffi-dev libssl-dev" + packages = "build-essential curl ffmpeg libjpeg-dev libmagic-dev libpq-dev postgresql postgresql-client postgresql-contrib python3-dev libldap2-dev libsasl2-dev make unzip zlib1g-dev libffi-dev libssl-dev libxml2-dev libxslt1-dev libjpeg-dev redis-server python3-venv git" [resources.database] type = "postgresql" diff --git a/scripts/change_url b/scripts/change_url index 673e8a1..8863bd4 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -39,8 +39,8 @@ ynh_add_config --template="../conf/env.prod" --destination="$install_dir/config/ # MODIFY THE FEDERATION #================================================= -source $install_dir/virtualenv/bin/activate -ynh_exec_warn_less python3 $install_dir/api/manage.py fix_federation_ids https://$old_domain https://$new_domain --no-dry-run --no-input +source $install_dir/venv/bin/activate +ynh_exec_warn_less ynh_exec_as $app $install_dir/venv/bin/funkwhale-manage fix_federation_ids https://$old_domain https://$new_domain --no-dry-run --no-input #================================================= # START SYSTEMD SERVICE diff --git a/scripts/install b/scripts/install index b267235..b787df7 100644 --- a/scripts/install +++ b/scripts/install 
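Review bot: `libjpeg-dev` is listed twice in the new `packages` string under `[resources.apt]` (manifest.toml, hunk `@@ -71,7 +71,7 @@`). The old string had the same problem with `zlib1g-dev libffi-dev libssl-dev`, and an unsorted one-line list makes it easy to repeat. Sorting the names and listing each once would make the next dependency change easier to review. The new list also drops `python3-pip` while scripts/install still calls `pip` inside the venv; that works only if `python3-venv` provides pip there, which is worth a short comment above the key.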
@@ -86,14 +86,10 @@ ynh_add_systemd_config --service="${app}-beat" --template="funkwhale-beat.serv ynh_script_progression --message="Installing Python dependencies..." --weight=1 pushd $install_dir - python3 -m venv $install_dir/virtualenv - source $install_dir/virtualenv/bin/activate - pip install --upgrade pip - pip install --upgrade setuptools - ynh_exec_warn_less pip install wheel toml - # Workaround for error AttributeError: module 'lib' has no attribute 'X509_V_FLAG_CB_ISSUER_CHECK' - ynh_replace_string --match_string="pyOpenSSL~=20.0.1" --replace_string="pyOpenSSL~=21.0.0" --target_file="$install_dir/api/requirements/base.txt" - ynh_exec_warn_less pip install -r api/requirements.txt + python3 -m venv $install_dir/venv + source $install_dir/venv/bin/activate + ynh_exec_warn_less pip install --upgrade pip wheel toml + ynh_exec_warn_less pip install --editable ./api popd #================================================= @@ -102,14 +98,14 @@ popd ynh_script_progression --message="Building funkwhale..." --weight=1 pushd $install_dir - source $install_dir/virtualenv/bin/activate + source $install_dir/venv/bin/activate # needed for enabling the 'unaccent' extension ynh_psql_execute_as_root --sql="ALTER USER $db_user WITH SUPERUSER;" --database="$db_name" - ynh_exec_warn_less python api/manage.py migrate + ynh_exec_warn_less ynh_exec_as $app $install_dir/venv/bin/funkwhale-manage migrate ynh_psql_execute_as_root --sql="ALTER USER $db_user WITH NOSUPERUSER;" --database="$db_name" echo "from django.contrib.auth import get_user_model; User = get_user_model(); User.objects.create_superuser('$admin', '$admin_mail', 'funkwhale') " | ynh_exec_warn_less python api/manage.py shell - echo "yes" | ynh_exec_warn_less python api/manage.py collectstatic + echo "yes" | ynh_exec_warn_less ynh_exec_as $app $install_dir/venv/bin/funkwhale-manage collectstatic popd chmod 750 "$install_dir" diff --git a/scripts/upgrade b/scripts/upgrade index 1212289..a28a83a 100644 
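Review bot: The superuser-creation line in scripts/install (hunk `@@ -102,14 +98,14 @@`) was left on `python api/manage.py shell` while `migrate` and `collectstatic` beside it moved to `ynh_exec_as $app $install_dir/venv/bin/funkwhale-manage`. It therefore still runs with the installer's privileges (presumably root) instead of as the app user, and it depends on the activated venv. The same line gives the new admin the fixed password `'funkwhale'` and pastes `$admin` and `$admin_mail` straight into Python source, so a quote character in either value changes the code that runs. I would send it through the same wrapper, `| ynh_exec_warn_less ynh_exec_as $app $install_dir/venv/bin/funkwhale-manage shell`, and pass the values and a generated password through the environment rather than interpolating them. Whether `ynh_exec_as` forwards stdin and environment is not visible here and should be checked.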
--- a/scripts/upgrade +++ b/scripts/upgrade @@ -59,15 +59,13 @@ ynh_add_nginx_config ynh_script_progression --message="Installing Python dependencies..." --weight=1 pushd $install_dir -ynh_secure_remove --file="$install_dir/virtualenv" - python3 -m venv $install_dir/virtualenv - source $install_dir/virtualenv/bin/activate - pip install --upgrade pip - pip install --upgrade setuptools - ynh_exec_warn_less pip install wheel toml - # Workaround for error AttributeError: module 'lib' has no attribute 'X509_V_FLAG_CB_ISSUER_CHECK' - ynh_replace_string --match_string="pyOpenSSL~=20.0.1" --replace_string="pyOpenSSL~=21.0.0" --target_file="$install_dir/api/requirements/base.txt" - ynh_exec_warn_less pip install -r api/requirements.txt + ynh_secure_remove --file="$install_dir/virtualenv" + ynh_secure_remove --file="$install_dir/venv" + + python3 -m venv $install_dir/venv + source $install_dir/venv/bin/activate + ynh_exec_warn_less pip install --upgrade pip wheel toml + ynh_exec_warn_less pip install --editable ./api popd #================================================= @@ -86,13 +84,13 @@ chown $app:$app "$install_dir/config/.env" ynh_script_progression --message="Upgrading Funkwhale..." --weight=1 pushd $install_dir - source $install_dir/virtualenv/bin/activate + source $install_dir/venv/bin/activate - echo "yes" | ynh_exec_warn_less python api/manage.py collectstatic --clear --noinput + echo "yes" | ynh_exec_warn_less $install_dir/venv/bin/funkwhale-manage collectstatic --clear --noinput # needed for enabling the 'unaccent' extension ynh_psql_execute_as_root --sql="ALTER USER $db_user WITH SUPERUSER;" --database="$db_name" - ynh_exec_warn_less python api/manage.py migrate + ynh_exec_warn_less ynh_exec_as $app $install_dir/venv/bin/funkwhale-manage migrate ynh_psql_execute_as_root --sql="ALTER USER $db_user WITH NOSUPERUSER;" --database="$db_name" popd diff --git a/tests.toml b/tests.toml index 8192159..def6a41 100644 --- a/tests.toml +++ b/tests.toml 
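Review bot: `collectstatic` in scripts/upgrade (hunk `@@ -86,13 +84,13 @@`) is called without `ynh_exec_as $app`, unlike `migrate` further down in the same hunk and unlike the same call in scripts/install. Files it writes are presumably owned by the user running the upgrade rather than by the app user. Unless that is deliberate, make it match: `echo "yes" | ynh_exec_warn_less ynh_exec_as $app $install_dir/venv/bin/funkwhale-manage collectstatic --clear --noinput`. The `echo "yes" |` prefix is redundant next to `--noinput`. The unchanged lines around `migrate` also leave `$db_user` as SUPERUSER if the migration fails before the `NOSUPERUSER` statement, depending on how the script aborts; a comment or a cleanup trap there would make that explicit.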
@@ -4,5 +4,6 @@ test_format = 1.0 exclude = ["install.nourl"] - test_upgrade_from.7a50028.name = "Upgrade from 1.2.9" + test_upgrade_from.7a50028.name = "1.2.9" + test_upgrade_from.ae7b6c5.name = "1.2.10" From 309b41d98f1e68c3ccb31f7c75f99f39b1d4e04b Mon Sep 17 00:00:00 2001 From: Thomas <51749973+Thovi98@users.noreply.github.com> Date: Sat, 3 Jun 2023 21:25:40 +0200 Subject: [PATCH 2/8] adapt nginx.conf --- conf/nginx.conf | 71 +++++++++++++++++++++---------------------------- 1 file changed, 31 insertions(+), 40 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index e01ed0f..6b33ec6 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,6 +1,6 @@ -root __INSTALL_DIR__/front/dist; +root __INSTALL_DIR__/front; -location / { +location /api/ { # global proxy conf proxy_set_header Host $host; 
@@ -18,29 +18,21 @@ location / { # this is needed if you have file import via upload enabled client_max_body_size 100M; - proxy_pass http://127.0.0.1:__PORT__/; + proxy_pass http://127.0.0.1:__PORT__; } -location /front/ { - more_set_headers "Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:"; - more_set_headers "Referrer-Policy: strict-origin-when-cross-origin"; - more_set_headers "Service-Worker-Allowed: /"; - more_set_headers "X-Frame-Options: SAMEORIGIN"; - alias __INSTALL_DIR__/front/dist/; - expires 30d; - more_set_headers "Pragma: public"; - more_set_headers "Cache-Control: public, must-revalidate, proxy-revalidate"; +location / { + alias __INSTALL_DIR__/front/; + expires 1d; + try_files $uri $uri/ /index.html; } -location /front/embed.html { - more_set_headers "Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:"; - more_set_headers "Referrer-Policy: strict-origin-when-cross-origin"; +location /embed.html { + add_header Content-Security-Policy "connect-src https: http: 'self'; default-src 'self'; script-src 'self' unpkg.com 'unsafe-inline' 'unsafe-eval'; style-src https: http: 'self' 'unsafe-inline'; img-src https: http: 'self' data:; font-src https: http: 'self' data:; object-src 'none'; media-src https: http: 'self' data:"; + add_header Referrer-Policy "strict-origin-when-cross-origin"; - more_set_headers "X-Frame-Options: ALLOW"; - alias __INSTALL_DIR__/front/dist/embed.html; - expires 30d; - more_set_headers "Pragma: public"; - more_set_headers "Cache-Control: public, must-revalidate, proxy-revalidate"; + alias __INSTALL_DIR__/front/embed.html; + expires 1d; } location /federation/ { 
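Review bot: The new `location /` in conf/nginx.conf (hunk `@@ -18,29 +18,21 @@`) serves the front-end without the `Content-Security-Policy`, `Referrer-Policy` and `X-Frame-Options: SAMEORIGIN` headers that the removed `location /front/` block set. Unless a server-level include that is not visible here supplies them, the main app loses its framing and script restrictions. The `/embed.html` policy is also much wider than the one it replaces: `script-src` now allows `unpkg.com`, `'unsafe-inline'` and `'unsafe-eval'`, and most fetch directives accept any `https:` or `http:` origin. I would carry the previous headers into `location /`, starting with `more_set_headers "X-Frame-Options: SAMEORIGIN";` and the old CSP line, and add a comment above the `/embed.html` policy stating which embed feature needs each relaxation.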
@@ -98,33 +90,32 @@ location /.well-known/ { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; - proxy_pass http://127.0.0.1:__PORT__/.well-known/; + proxy_pass http://127.0.0.1:__PORT__; } location /media/__sized__/ { alias __DATA_DIR__/data/media/__sized__/; + add_header Acces-Control-Allow-Origin '*'; } location /media/attachments/ { alias __DATA_DIR__/data/media/attachments/; + add_header Access-Control-Allow-Origin '*'; } -location /_protected/media/ { - # this is an internal location that is used to serve - # audio files once correct permission / authentication - # has been checked on API side - internal; - alias __DATA_DIR__/data/media/; -} - -# Comment the previous location and uncomment this one if you're storing -# media files in a S3 bucket -# location ~ /_protected/media/(.+) { -# internal; -# # Needed to ensure DSub auth isn't forwarded to S3/Minio, see #932 -# proxy_set_header Authorization ""; -# proxy_pass $1; -# } + # This is an internal location that is used to serve + # media (uploaded) files once correct permission / authentication + # has been checked on API side. + # Comment the "NON-S3" commented lines and uncomment "S3" commented lines + # if you're storing media files in a S3 bucket. + #location ~ /_protected/media/(.+) { + # internal; + # alias ${MEDIA_ROOT}/$1; # NON-S3 + # # Needed to ensure DSub auth isn't forwarded to S3/Minio, see #932. +# proxy_set_header Authorization ""; # S3 +# proxy_pass $1; # S3 + # add_header Access-Control-Allow-Origin '*'; + #} location /_protected/music/ { # this is an internal location that is used to serve @@ -133,9 +124,9 @@ location /_protected/music/ { # Set this to the same value as your MUSIC_DIRECTORY_PATH setting internal; alias __DATA_DIR__/data/music/; + add_header Access-Control-Allow-Origin '*'; } -location /staticfiles/ { - # django static files - alias __DATA_DIR__/data/static/; +location /manifest.json { + return 302 /api/v1/instance/spa-manifest.json; } 
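Review bot: Every line of the replacement `/_protected/media/` block in conf/nginx.conf (hunk `@@ -98,33 +90,32 @@`) is commented out, and its `alias ${MEDIA_ROOT}/$1;` still carries an unsubstituted template variable, so after this change no active location handles `/_protected/media/`. The removed block was the `internal` target used to serve uploads once the API had checked permissions; without it such redirects would presumably fall through to `location /` and return `index.html`. Keep the old block active, `location /_protected/media/ { internal; alias __DATA_DIR__/data/media/; }`, and leave the S3 variant as the commented alternative. The wildcard `Access-Control-Allow-Origin` added to `/_protected/music/` in the next hunk deserves a one-line comment stating that cross-origin reads of permission-checked audio are intended.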
From 0171ac1fe909bf522318f20e356575b6f6e7faa4 Mon Sep 17 00:00:00 2001 From: Thomas <51749973+Thovi98@users.noreply.github.com> Date: Sat, 3 Jun 2023 22:19:41 +0200 Subject: [PATCH 3/8] fix nginx --- conf/env.prod | 1 - conf/nginx.conf | 6 +++--- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/conf/env.prod b/conf/env.prod index 17cdd4d..71a56f8 100644 --- a/conf/env.prod +++ b/conf/env.prod @@ -159,7 +159,6 @@ LDAP_ROOT_DN=ou=users,dc=yunohost,dc=org LDAP_USER_ATTR_MAP=username:uid FUNKWHALE_FRONTEND_PATH=__INSTALL_DIR__/front/dist -FUNKWHALE_SPA_HTML_ROOT=__INSTALL_DIR__/front/dist/index.html # Nginx related configuration NGINX_MAX_BODY_SIZE=100M diff --git a/conf/nginx.conf b/conf/nginx.conf index 6b33ec6..b2a1dc8 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,4 +1,4 @@ -root __INSTALL_DIR__/front; +root __INSTALL_DIR__/front/dist; location /api/ { @@ -22,7 +22,7 @@ location /api/ { } location / { - alias __INSTALL_DIR__/front/; + alias __INSTALL_DIR__/front/dist/; expires 1d; try_files $uri $uri/ /index.html; } @@ -31,7 +31,7 @@ location /embed.html { add_header Content-Security-Policy "connect-src https: http: 'self'; default-src 'self'; script-src 'self' unpkg.com 'unsafe-inline' 'unsafe-eval'; style-src https: http: 'self' 'unsafe-inline'; img-src https: http: 'self' data:; font-src https: http: 'self' data:; object-src 'none'; media-src https: http: 'self' data:"; add_header Referrer-Policy "strict-origin-when-cross-origin"; - alias __INSTALL_DIR__/front/embed.html; + alias __INSTALL_DIR__/front/dist/embed.html; expires 1d; } From e2e9e525113392709b27db4bfb1b9c1f3b1150e0 Mon Sep 17 00:00:00 2001 From: Thomas <51749973+Thovi98@users.noreply.github.com> Date: Sat, 3 Jun 2023 22:33:21 +0200 Subject: [PATCH 4/8] Change maintainer https://github.com/YunoHost-Apps/funkwhale_ynh/issues/225 --- manifest.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.toml b/manifest.toml index 266b031..7b430ad 100644 
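Review bot: `alias __INSTALL_DIR__/front/dist/;` inside `location /` (conf/nginx.conf, hunk `@@ -22,7 +22,7 @@` of PATCH 3/8) repeats the path that the `root` directive at the top of the file is set to in the same patch, so the two now have to be kept in sync by hand, which is what this fix-up had to do. Dropping the `alias` line and letting `location /` inherit `root` leaves `try_files $uri $uri/ /index.html;` resolving against a single path. The `/embed.html` block in hunk `@@ -31,7 +31,7 @@` has the same duplication and could likewise rely on `root`.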
--- a/manifest.toml +++ b/manifest.toml @@ -7,7 +7,7 @@ description.fr = "Serveur de musique moderne et convivial" version = "1.3.0~ynh1" -maintainers = ["Ciarán Ainsworth"] +maintainers = ["Thovi98"] [upstream] license = "AGPL-3.0-or-later" From ef9e182d5edae103c1eea959db391f1304f91a6c Mon Sep 17 00:00:00 2001 From: Thomas <51749973+Thovi98@users.noreply.github.com> Date: Sun, 4 Jun 2023 09:03:47 +0200 Subject: [PATCH 5/8] replace add_header by more_set_headers --- conf/nginx.conf | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index b2a1dc8..1e68862 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -28,8 +28,8 @@ location / { } location /embed.html { - add_header Content-Security-Policy "connect-src https: http: 'self'; default-src 'self'; script-src 'self' unpkg.com 'unsafe-inline' 'unsafe-eval'; style-src https: http: 'self' 'unsafe-inline'; img-src https: http: 'self' data:; font-src https: http: 'self' data:; object-src 'none'; media-src https: http: 'self' data:"; - add_header Referrer-Policy "strict-origin-when-cross-origin"; + more_set_headers "Content-Security-Policy: connect-src https: http: 'self'; default-src 'self'; script-src 'self' unpkg.com 'unsafe-inline' 'unsafe-eval'; style-src https: http: 'self' 'unsafe-inline'; img-src https: http: 'self' data:; font-src https: http: 'self' data:; object-src 'none'; media-src https: http: 'self' data:"; + more_set_headers "Referrer-Policy: "strict-origin-when-cross-origin"; alias __INSTALL_DIR__/front/dist/embed.html; expires 1d; 
@@ -95,12 +95,12 @@ location /.well-known/ { location /media/__sized__/ { alias __DATA_DIR__/data/media/__sized__/; - add_header Acces-Control-Allow-Origin '*'; + more_set_headers "Acces-Control-Allow-Origin '*'"; } location /media/attachments/ { alias __DATA_DIR__/data/media/attachments/; - add_header Access-Control-Allow-Origin '*'; + more_set_headers "Access-Control-Allow-Origin '*'"; } # This is an internal location that is used to serve @@ -114,7 +114,7 @@ location /media/attachments/ { # # Needed to ensure DSub auth isn't forwarded to S3/Minio, see #932. # proxy_set_header Authorization ""; # S3 # proxy_pass $1; # S3 - # add_header Access-Control-Allow-Origin '*'; + # more_set_headers "Access-Control-Allow-Origin '*'"; #} location /_protected/music/ { @@ -124,7 +124,7 @@ location /_protected/music/ { # Set this to the same value as your MUSIC_DIRECTORY_PATH setting internal; alias __DATA_DIR__/data/music/; - add_header Access-Control-Allow-Origin '*'; + more_set_headers "Access-Control-Allow-Origin '*'"; } location /manifest.json { From ab3c72745612e8da9084b4022c69901922c04c0c Mon Sep 17 00:00:00 2001 From: Thomas <51749973+Thovi98@users.noreply.github.com> Date: Sun, 4 Jun 2023 09:13:38 +0200 Subject: [PATCH 6/8] fix more_set_headers --- conf/nginx.conf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index 1e68862..5d9cbbb 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -95,12 +95,12 @@ location /.well-known/ { location /media/__sized__/ { alias __DATA_DIR__/data/media/__sized__/; - more_set_headers "Acces-Control-Allow-Origin '*'"; + more_set_headers 'Access-Control-Allow-Origin: *'; } location /media/attachments/ { alias __DATA_DIR__/data/media/attachments/; - more_set_headers "Access-Control-Allow-Origin '*'"; + more_set_headers 'Access-Control-Allow-Origin: *'; } # This is an internal location that is used to serve 
@@ -124,7 +124,7 @@ location /_protected/music/ { # Set this to the same value as your MUSIC_DIRECTORY_PATH setting internal; alias __DATA_DIR__/data/music/; - more_set_headers "Access-Control-Allow-Origin '*'"; + more_set_headers 'Access-Control-Allow-Origin: *'; } location /manifest.json { From d10a8ae3f249a1b4d837f313db0ca358d74f2cd9 Mon Sep 17 00:00:00 2001 From: Thomas <51749973+Thovi98@users.noreply.github.com> Date: Sun, 4 Jun 2023 09:24:50 +0200 Subject: [PATCH 7/8] fix nginx --- conf/nginx.conf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index 5d9cbbb..1613e9f 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -29,7 +29,7 @@ location / { location /embed.html { more_set_headers "Content-Security-Policy: connect-src https: http: 'self'; default-src 'self'; script-src 'self' unpkg.com 'unsafe-inline' 'unsafe-eval'; style-src https: http: 'self' 'unsafe-inline'; img-src https: http: 'self' data:; font-src https: http: 'self' data:; object-src 'none'; media-src https: http: 'self' data:"; - more_set_headers "Referrer-Policy: "strict-origin-when-cross-origin"; + more_set_headers "Referrer-Policy: strict-origin-when-cross-origin"; alias __INSTALL_DIR__/front/dist/embed.html; expires 1d; @@ -95,12 +95,12 @@ location /.well-known/ { location /media/__sized__/ { alias __DATA_DIR__/data/media/__sized__/; - more_set_headers 'Access-Control-Allow-Origin: *'; + more_set_headers "Access-Control-Allow-Origin: *"; } location /media/attachments/ { alias __DATA_DIR__/data/media/attachments/; - more_set_headers 'Access-Control-Allow-Origin: *'; + more_set_headers "Access-Control-Allow-Origin: *"; } # This is an internal location that is used to serve 
@@ -124,7 +124,7 @@ location /_protected/music/ { # Set this to the same value as your MUSIC_DIRECTORY_PATH setting internal; alias __DATA_DIR__/data/music/; - more_set_headers 'Access-Control-Allow-Origin: *'; + more_set_headers "Access-Control-Allow-Origin: *"; } location /manifest.json { From c96def65b0ae028194a71e179e3dbbc0e96294c0 Mon Sep 17 00:00:00 2001 From: Thomas <51749973+Thovi98@users.noreply.github.com> Date: Sun, 4 Jun 2023 09:32:03 +0200 Subject: [PATCH 8/8] Update nginx.conf --- conf/nginx.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index 1613e9f..b1254ba 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -114,7 +114,7 @@ location /media/attachments/ { # # Needed to ensure DSub auth isn't forwarded to S3/Minio, see #932. # proxy_set_header Authorization ""; # S3 # proxy_pass $1; # S3 - # more_set_headers "Access-Control-Allow-Origin '*'"; + # more_set_headers "Access-Control-Allow-Origin: *"; #} location /_protected/music/ {