diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2020-05-22 19:13:13 +0200 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2020-05-22 19:13:13 +0200 |
| commit | 4797826cd2d7b64bf1d2c29c22a09f960ddbac30 (patch) | |
| tree | 6addb1118b40f89ad0c3434c681532084a418e6e | |
| parent | c340c10fda7bfde62945be51643e529a238791fa (diff) | |
Wiki: Content-Security-Policy: Add data: to img-src.
This is needed for BS4's navbar-toggler-icon which uses an SVG
background-image.
| -rw-r--r-- | roles/wiki/files/etc/nginx/sites-available/website | 2 | ||||
| -rw-r--r-- | roles/wiki/files/etc/nginx/sites-available/wiki | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/roles/wiki/files/etc/nginx/sites-available/website b/roles/wiki/files/etc/nginx/sites-available/website index 69d3337..4aeb3db 100644 --- a/roles/wiki/files/etc/nginx/sites-available/website +++ b/roles/wiki/files/etc/nginx/sites-available/website @@ -11,41 +11,41 @@ server { error_log /var/log/nginx/www.error.log info; location / { return 301 https://$host$request_uri; } } server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name fripost.org; server_name www.fripost.org; access_log /var/log/nginx/www.access.log; error_log /var/log/nginx/www.error.log info; include snippets/headers.conf; add_header Content-Security-Policy - "default-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self'; font-src 'self'; frame-ancestors 'none'; form-action https://www.paypal.com/; base-uri fripost.org www.fripost.org"; + "default-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; frame-ancestors 'none'; form-action https://www.paypal.com/; base-uri fripost.org www.fripost.org"; include snippets/ssl.conf; ssl_certificate ssl/www.fripost.org.pem; ssl_certificate_key ssl/www.fripost.org.key; include snippets/fripost.org.hpkp-hdr; gzip on; gzip_vary on; gzip_min_length 256; gzip_types application/font-woff application/font-woff2 application/javascript application/json application/xml image/svg+xml image/x-icon text/css text/plain; location / { try_files $uri $uri/ =404; index index.html; root /var/lib/ikiwiki/public_html/fripost-wiki/website; } location = /ikiwiki.cgi { internal; } location /static/ { expires 30d; try_files $uri =404; diff --git a/roles/wiki/files/etc/nginx/sites-available/wiki b/roles/wiki/files/etc/nginx/sites-available/wiki index 153b3e2..b201ef5 100644 --- a/roles/wiki/files/etc/nginx/sites-available/wiki +++ b/roles/wiki/files/etc/nginx/sites-available/wiki @@ -10,41 +10,41 @@ server { error_log /var/log/nginx/wiki.error.log info; location / { location ~ ^/website(/.*)?$ { return 302 $scheme://fripost.org$1; } return 301 https://$host$request_uri; } } server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name wiki.fripost.org; access_log /var/log/nginx/wiki.access.log; error_log /var/log/nginx/wiki.error.log info; include snippets/headers.conf; add_header Content-Security-Policy - "default-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self'; font-src 'self'; frame-ancestors 'none'; form-action 'self'; base-uri wiki.fripost.org"; + "default-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; frame-ancestors 'none'; form-action 'self'; base-uri wiki.fripost.org"; include snippets/ssl.conf; ssl_certificate ssl/www.fripost.org.pem; ssl_certificate_key ssl/www.fripost.org.key; include snippets/fripost.org.hpkp-hdr; gzip on; gzip_vary on; gzip_min_length 256; gzip_types application/font-woff application/font-woff2 application/javascript application/json application/xml image/svg+xml image/x-icon text/css text/plain; root /var/lib/ikiwiki/public_html/fripost-wiki; location /static/ { expires 30d; try_files $uri =404; } location / { location ~ ^/website(/.*)?$ { return 302 $scheme://fripost.org$1; } index index.html; try_files $uri $uri/ =404; } |