From 698f16c819b1319838961da693befc6ef7ed268e Mon Sep 17 00:00:00 2001 From: Matthew Pomes Date: Wed, 8 Oct 2025 00:52:11 -0500 Subject: [PATCH] Fix karakeep CSP to allow full-page archives to work properly --- nginx/sites-enabled/karakeep | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/nginx/sites-enabled/karakeep b/nginx/sites-enabled/karakeep index 197cdbc..8174066 100644 --- a/nginx/sites-enabled/karakeep +++ b/nginx/sites-enabled/karakeep @@ -42,7 +42,14 @@ server { # External Javascript (such as cast_sender.js for Chromecast) must be whitelisted. set $CSP "default-src https: data: blob:"; set $CSP "$CSP; img-src 'self' https://* data:"; - # add_header Content-Security-Policy "default-src https: data: blob: ; img-src 'self' https://* data: ; style-src 'self' 'unsafe-inline' data:; style-src-elem data:; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.youtubse.com blob: data:; worker-src 'self' blob: data:; connect-src 'self' data:; object-src 'none' data:; frame-ancestors 'self' data:; font-src 'self' data:"; + set $CSP "$CSP; style-src 'self' 'unsafe-inline' data:"; + set $CSP "$CSP; style-src-elem 'self' 'unsafe-inline' data:"; + set $CSP "$CSP; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.youtubse.com blob: data:"; + set $CSP "$CSP; worker-src 'self' blob: data:"; + set $CSP "$CSP; connect-src 'self' data:"; + set $CSP "$CSP; object-src 'none' data:"; + set $CSP "$CSP; frame-ancestors 'self' data:"; + set $CSP "$CSP; font-src 'self' data:"; add_header Content-Security-Policy $CSP; location /.well-known/acme-challenge/ { @@ -58,6 +65,7 @@ server { proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Protocol $scheme; proxy_set_header X-Forwarded-Host $http_host; + proxy_hide_header Content-Security-Policy; # Disable buffering when the nginx proxy gets very resource heavy upon streaming proxy_buffering off;