YunoHost/yunohost
1
0
Fork 0
mirror of https://github.com/YunoHost/yunohost.git synced 2024-09-03 20:06:10 +02:00
Code Issues Projects Releases Packages Wiki Activity

update Content-Security-Policy header for chromium

Browse source 
Chromium fails to load a jitsi video conference, refusing to create a
worker because it violates the Content Security Policy directive:
"script-src https: data: 'unsafe-inline' 'unsafe-eval'".
This commit is contained in:
Yann Autissier 2023-05-19 20:39:29 +00:00
parent 06826b4fc0
commit e8dd243218
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
conf/nginx/security.conf.inc
View file

@ -26,7 +26,7 @@ ssl_dhparam /usr/share/yunohost/ffdhe2048.pem;
# https://wiki.mozilla.org/Security/Guidelines/Web_Security
# https://observatory.mozilla.org/
{% if experimental == "True" %}
more_set_headers "Content-Security-Policy : upgrade-insecure-requests; default-src https: data: blob: ; object-src https: data: 'unsafe-inline'; style-src https: data: 'unsafe-inline' ; script-src https: data: 'unsafe-inline' 'unsafe-eval'";
more_set_headers "Content-Security-Policy : upgrade-insecure-requests; default-src https: data: blob: ; object-src https: data: 'unsafe-inline'; style-src https: data: 'unsafe-inline' ; script-src https: data: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:;";
{% else %}
more_set_headers "Content-Security-Policy : upgrade-insecure-requests";
{% endif %}