nodes/voc.pretalx: only set content-security-policy for requests to django itself, not for media and static endpoints

This commit is contained in:
Franzi 2021-04-05 10:16:06 +02:00
parent 24f04e59aa
commit fd63d3d857
Signed by: kunsi
GPG key ID: 12E3D2136B818350
2 changed files with 14 additions and 9 deletions


@ -1,3 +1,17 @@
location / {
proxy_pass http://127.0.0.1:22060/;
proxy_http_version 1.1;
proxy_set_header Host pretalx.c3voc.de;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto HTTPS;
proxy_set_header X-Forwarded-Host pretalx.c3voc.de;
proxy_buffering off;
# https://github.com/pretalx/pretalx-media-ccc-de/issues/1
proxy_hide_header content-security-policy;
#add_header content-security-policy "form-action 'self'; default-src 'self'; img-src 'self' data: https://www.gravatar.com; style-src 'self' 'unsafe-inline'; script-src 'self'; base-uri 'none'; frame-src https://media.ccc.de 'self'";
}
location /media/ {
alias /opt/pretalx/data/media/;
add_header Content-Disposition 'attachment; filename="$1"';
@ -11,7 +25,3 @@
expires 365d;
add_header Cache-Control "public";
}
# https://github.com/pretalx/pretalx-media-ccc-de/issues/1
proxy_hide_header content-security-policy;
add_header content-security-policy "form-action 'self'; default-src 'self'; img-src 'self' data: https://www.gravatar.com; style-src 'self' 'unsafe-inline'; script-src 'self'; base-uri 'none'; frame-src https://media.ccc.de";
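Review bot: The new `location /` block keeps `proxy_hide_header content-security-policy;` but the `add_header content-security-policy "..."` line directly below it is commented out, so after this change responses from pretalx carry no CSP at all — the upstream header is stripped and nothing replaces it, which is the opposite of what the commit title states. Either re-enable the `add_header` line or drop the `proxy_hide_header` line so pretalx's own policy passes through until the nginx-side one is ready. The commented-out value also differs from the one removed in the second hunk (`frame-src https://media.ccc.de 'self'` vs `frame-src https://media.ccc.de`); if that is intentional, a comment such as `# 'self' added to frame-src so the orga preview can embed its own pages` next to it would document the reason. Because nginx `add_header` directives inside a location replace any inherited from the enclosing server block (which is outside this hunk), any headers set at that level would need repeating in `location /` once this one is enabled.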


@ -37,11 +37,6 @@ nodes['voc.pretalx'] = {
'domain': 'pretalx.c3voc.de',
# pretalx limits this to 10M per file, too
'max_body_size': '100M',
'proxy': {
'/': {
'target': 'http://127.0.0.1:22060/',
},
},
'extras': True,
'website_check_path': '/orga/login/',
'website_check_string': ':: pretalx',