the10thwiz/Homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Use nginx variable to build CSP

Browse Source
This commit is contained in:
Matthew Pomes
2025-10-08 00:43:24 -05:00
parent 816cca7f4f
commit 5d5e514184
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
nginx/sites-enabled/karakeep
View File

@@ -40,7 +40,10 @@ server {
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
# Enforces https content and restricts JS/CSS to origin
# External Javascript (such as cast_sender.js for Chromecast) must be whitelisted.
add_header Content-Security-Policy "default-src https: data: blob: ; img-src 'self' https://* data: ; style-src 'self' 'unsafe-inline' data:; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.youtubse.com blob: data:; worker-src 'self' blob: data:; connect-src 'self' data:; object-src 'none' data:; frame-ancestors 'self' data:; font-src 'self' data:";
set $CSP "default-src https: data: blob:"
set $CSP "$CSP; img-src 'self' https://* data:"
# add_header Content-Security-Policy "default-src https: data: blob: ; img-src 'self' https://* data: ; style-src 'self' 'unsafe-inline' data:; style-src-elem data:; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.youtubse.com blob: data:; worker-src 'self' blob: data:; connect-src 'self' data:; object-src 'none' data:; frame-ancestors 'self' data:; font-src 'self' data:";
add_header Content-Security-Policy $CSP;
location /.well-known/acme-challenge/ {
root /var/www/certbot;