MirrorMirror
/
funkwhale
mirror of https://dev.funkwhale.audio/funkwhale/funkwhale.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add Worker-Src to CSP-Header of nginx config, #1489 

(cherry picked from commit 1f3239f01d)
This commit is contained in:
Georg Krause 2021-07-02 20:56:37 +00:00
parent 6e1be964d7
commit d44fc7e6f3
2 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
changes/changelog.d/1489.bugfix Normal file
View File

@ -0,0 +1 @@
Add worker-src to nginx header to prevent issues (#1489)

6
deploy/nginx.template
View File

@ -44,7 +44,7 @@ server {
# If you are using S3 to host your files, remember to add your S3 URL to the # If you are using S3 to host your files, remember to add your S3 URL to the
# media-src and img-src headers (e.g. img-src 'self' https://<your-S3-URL> data:) # media-src and img-src headers (e.g. img-src 'self' https://<your-S3-URL> data:)
add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:"; add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:; worker-src 'self'";
add_header Referrer-Policy "strict-origin-when-cross-origin"; add_header Referrer-Policy "strict-origin-when-cross-origin";
root ${FUNKWHALE_FRONTEND_PATH}; root ${FUNKWHALE_FRONTEND_PATH};
@ -84,7 +84,7 @@ server {
} }
location /front/ { location /front/ {
add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:"; add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:; worker-src 'self'";
add_header Referrer-Policy "strict-origin-when-cross-origin"; add_header Referrer-Policy "strict-origin-when-cross-origin";
add_header Service-Worker-Allowed "/"; add_header Service-Worker-Allowed "/";
add_header X-Frame-Options "SAMEORIGIN"; add_header X-Frame-Options "SAMEORIGIN";
@ -94,7 +94,7 @@ server {
add_header Cache-Control "public, must-revalidate, proxy-revalidate"; add_header Cache-Control "public, must-revalidate, proxy-revalidate";
} }
location /front/embed.html { location /front/embed.html {
add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:"; add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:; worker-src 'self'";
add_header Referrer-Policy "strict-origin-when-cross-origin"; add_header Referrer-Policy "strict-origin-when-cross-origin";
add_header X-Frame-Options "ALLOW"; add_header X-Frame-Options "ALLOW";