nodes/voc.pretalx: only set content-security-policy for requests to django itself, not for media and static endpoints

2021-04-05 10:16:06 +02:00 · 2021-04-05 10:16:06 +02:00 · fd63d3d857
parent 24f04e59aa
commit fd63d3d857
2 changed files with 14 additions and 9 deletions
--- a/data/nginx/files/extras/voc.pretalx/pretalx
+++ b/data/nginx/files/extras/voc.pretalx/pretalx
@ -1,3 +1,17 @@
+    location / {
+        proxy_pass           http://127.0.0.1:22060/;
+        proxy_http_version   1.1;
+        proxy_set_header     Host pretalx.c3voc.de;
+        proxy_set_header     X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header     X-Forwarded-Proto HTTPS;
+        proxy_set_header     X-Forwarded-Host pretalx.c3voc.de;
+        proxy_buffering      off;
+
+        # https://github.com/pretalx/pretalx-media-ccc-de/issues/1
+        proxy_hide_header content-security-policy;
+        #add_header content-security-policy "form-action 'self'; default-src 'self'; img-src 'self' data: https://www.gravatar.com; style-src 'self' 'unsafe-inline'; script-src 'self'; base-uri 'none'; frame-src https://media.ccc.de 'self'";
+    }
+
    location /media/ {
        alias /opt/pretalx/data/media/;
        add_header Content-Disposition 'attachment; filename="$1"';
@ -11,7 +25,3 @@
        expires 365d;
        add_header Cache-Control "public";
    }
-
-    # https://github.com/pretalx/pretalx-media-ccc-de/issues/1
-    proxy_hide_header content-security-policy;
-    add_header content-security-policy "form-action 'self'; default-src 'self'; img-src 'self' data: https://www.gravatar.com; style-src 'self' 'unsafe-inline'; script-src 'self'; base-uri 'none'; frame-src https://media.ccc.de";
--- a/nodes/voc/pretalx.py
+++ b/nodes/voc/pretalx.py
@ -37,11 +37,6 @@ nodes['voc.pretalx'] = {
                    'domain': 'pretalx.c3voc.de',
                    # pretalx limits this to 10M per file, too
                    'max_body_size': '100M',
-                    'proxy': {
-                        '/': {
-                            'target': 'http://127.0.0.1:22060/',
-                        },
-                    },
                    'extras': True,
                    'website_check_path': '/orga/login/',
                    'website_check_string': ':: pretalx',