From 71d274fbb09471952704f499254cfe68d4f4a4d5 Mon Sep 17 00:00:00 2001
From: frju365 <win10@tutanota.com>
Date: Sat, 13 Oct 2018 21:17:41 +0200
Subject: [PATCH 1/2] [enh] Allow peertube video which comes from a subdomain

---
 conf/nginx.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/conf/nginx.conf b/conf/nginx.conf
index 156d56d..b5cbddd 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -2,7 +2,7 @@
 client_max_body_size 100M;
 
 # Content Security Policy : security to avoid launching unsecure script	
-add_header Content-Security-Policy "default-src 'none'; font-src 'self'; media-src 'self'; object-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self'; img-src 'self' blob: data:; connect-src 'self' wss://__DOMAIN__;";
+add_header Content-Security-Policy "default-src 'none'; font-src 'self'; media-src 'self' *.__DOMAIN__; object-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' *.__DOMAIN__; img-src 'self' blob: data:; connect-src 'self' wss://__DOMAIN__ *.__DOMAIN__;";
 
 # add to v1.4 assets
 root __FINALPATH__/live/public;

From 10ec0ffa7302c7359053eee2803b2cb50a06d3e2 Mon Sep 17 00:00:00 2001
From: frju365 <win10@tutanota.com>
Date: Sat, 29 Dec 2018 01:26:32 +0100
Subject: [PATCH 2/2] Useless CSP see
 https://github.com/tootsuite/mastodon/releases/tag/v2.6.0

---
 conf/nginx.conf | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/conf/nginx.conf b/conf/nginx.conf
index b5cbddd..a183a31 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -1,9 +1,6 @@
 # upload max size
 client_max_body_size 100M;
 
-# Content Security Policy : security to avoid launching unsecure script	
-add_header Content-Security-Policy "default-src 'none'; font-src 'self'; media-src 'self' *.__DOMAIN__; object-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' *.__DOMAIN__; img-src 'self' blob: data:; connect-src 'self' wss://__DOMAIN__ *.__DOMAIN__;";
-
 # add to v1.4 assets
 root __FINALPATH__/live/public;