the10thwiz/Homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add allows for data: urls in the CSP

Browse Source
This commit is contained in:
Matthew Pomes
2025-10-08 00:36:16 -05:00
parent 60a0239682
commit 816cca7f4f
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
nginx/sites-enabled/karakeep
View File

@@ -40,7 +40,7 @@ server {
# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
# Enforces https content and restricts JS/CSS to origin
# External Javascript (such as cast_sender.js for Chromecast) must be whitelisted.
add_header Content-Security-Policy "default-src https: data: blob: ; img-src 'self' https://* ; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.youtube.com blob:; worker-src 'self' blob:; connect-src 'self'; object-src 'none'; frame-ancestors 'self'; font-src 'self'";
add_header Content-Security-Policy "default-src https: data: blob: ; img-src 'self' https://* data: ; style-src 'self' 'unsafe-inline' data:; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.youtubse.com blob: data:; worker-src 'self' blob: data:; connect-src 'self' data:; object-src 'none' data:; frame-ancestors 'self' data:; font-src 'self' data:";
location /.well-known/acme-challenge/ {
root /var/www/certbot;