the10thwiz/Homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix karakeep CSP to allow full-page archives to work properly

Browse Source
This commit is contained in:
Matthew Pomes
2025-10-08 00:52:11 -05:00
parent 80f278a74c
commit 698f16c819
1 changed files with 9 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
nginx/sites-enabled/karakeep
View File

@@ -42,7 +42,14 @@ server {
# External Javascript (such as cast_sender.js for Chromecast) must be whitelisted.
set $CSP "default-src https: data: blob:";
set $CSP "$CSP; img-src 'self' https://* data:";
# add_header Content-Security-Policy "default-src https: data: blob: ; img-src 'self' https://* data: ; style-src 'self' 'unsafe-inline' data:; style-src-elem data:; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.youtubse.com blob: data:; worker-src 'self' blob: data:; connect-src 'self' data:; object-src 'none' data:; frame-ancestors 'self' data:; font-src 'self' data:";
set $CSP "$CSP; style-src 'self' 'unsafe-inline' data:";
set $CSP "$CSP; style-src-elem 'self' 'unsafe-inline' data:";
set $CSP "$CSP; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.youtubse.com blob: data:";
set $CSP "$CSP; worker-src 'self' blob: data:";
set $CSP "$CSP; connect-src 'self' data:";
set $CSP "$CSP; object-src 'none' data:";
set $CSP "$CSP; frame-ancestors 'self' data:";
set $CSP "$CSP; font-src 'self' data:";
add_header Content-Security-Policy $CSP;
location /.well-known/acme-challenge/ {
@@ -58,6 +65,7 @@ server {
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_hide_header Content-Security-Policy;
# Disable buffering when the nginx proxy gets very resource heavy upon streaming
proxy_buffering off;