admin/e-cosplay
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(caddy): Ajoute storage.googleapis.com à Content-Security-Policy pour scripts

Browse Source
This commit is contained in:
Serreau Jovann
2025-11-17 10:38:06 +01:00
parent 4d94a49b9f
commit dc9738366d
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
ansible/templates/caddy.j2
View File

@@ -12,13 +12,13 @@ www.e-cosplay.fr {
redir https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js
}
handle_path /datas/* {
reverse_proxy localhost:27502
reverse_proxy http://localhost:27502
}
header {
-X-Robots-Tag
Permissions-Policy "accelerometer=(), autoplay=(), camera=(), clipboard-write=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), usb=(), vr=(), screen-wake-lock=(), xr-spatial-tracking=(), bluetooth=(), ambient-light-sensor=(), battery=(), gamepad=(), notifications=(), push=()"
Content-Security-Policy "default-src 'self'; script-src 'self' *.cloudflareinsights.com *.trustpilot.com 'unsafe-inline'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com; img-src 'self'; object-src 'none'; frame-src *.trustpilot.com; frame-ancestors 'none';"
Content-Security-Policy "default-src 'self'; script-src 'self' *.cloudflareinsights.com storage.googleapis.com *.trustpilot.com 'unsafe-inline'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com; img-src 'self'; object-src 'none'; frame-src *.trustpilot.com; frame-ancestors 'none';"
}
php_fastcgi unix//run/php/php8.3-fpm.sock {