colin
/
ShowerLoop-cc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update Content Security Policy to allow data fonts and blob workers
ci/woodpecker/push/woodpecker Pipeline was successful Details

This commit is contained in:
Leopere 2025-03-07 19:01:56 -05:00
parent 2b5eabdd22
commit d2c70ee746
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docker/showerloop/Caddyfile.default.template
View File

@ -49,7 +49,7 @@
X-Frame-Options "SAMEORIGIN"
# Update CSP to allow media content, scripts, and blob URLs
Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; media-src 'self' blob:; font-src 'self'; connect-src 'self'; frame-ancestors 'none'; block-all-mixed-content;"
Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' blob:; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; media-src 'self' blob:; font-src 'self' data:; connect-src 'self'; frame-ancestors 'none'; worker-src 'self' blob:"
# Remove Server header
-Server