admin/e-cosplay
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(ansible/caddy): Met à jour la CSP pour autoriser les polices depuis cdnjs.cloudflare.com

Browse Source
This commit is contained in:
Serreau Jovann
2025-12-25 20:21:18 +01:00
parent a3222c1b18
commit 5e1bd2a749
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
ansible/templates/caddy.j2
View File

@@ -20,7 +20,7 @@ www.e-cosplay.fr {
header { header {
-X-Robots-Tag -X-Robots-Tag
Permissions-Policy "accelerometer=(), autoplay=(), encrypted-media=(), geolocation=(), gyroscope=(), magnetometer=(), midi=(), payment=(), publickey-credentials-get=(), usb=(), screen-wake-lock=(), xr-spatial-tracking=(), bluetooth=(), gamepad=()" Permissions-Policy "accelerometer=(), autoplay=(), encrypted-media=(), geolocation=(), gyroscope=(), magnetometer=(), midi=(), payment=(), publickey-credentials-get=(), usb=(), screen-wake-lock=(), xr-spatial-tracking=(), bluetooth=(), gamepad=()"
Content-Security-Policy "base-uri 'self'; default-src 'self'; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://challenges.cloudflare.com https://sentry.esy-web.dev https://www.e-cosplay.fr https://datas.e-cosplay.fr https://chat.esy-web.dev https://*.cloudflareinsights.com https://storage.googleapis.com https://*.trustpilot.com https://climate.stripe.com; font-src 'self' https://fonts.gstatic.com;connect-src https://browser.sentry-cdn.com https://*.e-cosplay.fr https://*.cloudflareinsights.com https://fonts.googleapis.com https://widget.trustpilot.com/ https://challenges.cloudflare.com https://chat.esy-web.dev; frame-src 'self' https://challenges.cloudflare.com https://*.trustpilot.com https://chat.esy-web.dev https://climate.stripe.com; worker-src 'self' blob:;" Content-Security-Policy "base-uri 'self'; default-src 'self'; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' https://browser.sentry-cdn.com https://challenges.cloudflare.com https://sentry.esy-web.dev https://www.e-cosplay.fr https://datas.e-cosplay.fr https://chat.esy-web.dev https://*.cloudflareinsights.com https://storage.googleapis.com https://*.trustpilot.com https://climate.stripe.com; font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com;connect-src https://browser.sentry-cdn.com https://*.e-cosplay.fr https://*.cloudflareinsights.com https://fonts.googleapis.com https://widget.trustpilot.com/ https://challenges.cloudflare.com https://chat.esy-web.dev; frame-src 'self' https://challenges.cloudflare.com https://*.trustpilot.com https://chat.esy-web.dev https://climate.stripe.com; worker-src 'self' blob:;"
Cross-Origin-Embedder-Policy "" Cross-Origin-Embedder-Policy ""
Cross-Origin-Opener-Policy "" Cross-Origin-Opener-Policy ""
Cross-Origin-Resource-Policy "" Cross-Origin-Resource-Policy ""