nodes/voc.pretalx: only set content-security-policy for requests to django itself, not for media and static endpoints
All checks were successful
bundlewrap/pipeline/head This commit looks good
parent
24f04e59aa
commit
fd63d3d857
2 changed files with 14 additions and 9 deletions
|
@ -1,3 +1,17 @@
|
|||
location / {
|
||||
proxy_pass http://127.0.0.1:22060/;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Host pretalx.c3voc.de;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto HTTPS;
|
||||
proxy_set_header X-Forwarded-Host pretalx.c3voc.de;
|
||||
proxy_buffering off;
|
||||
|
||||
# https://github.com/pretalx/pretalx-media-ccc-de/issues/1
|
||||
proxy_hide_header content-security-policy;
|
||||
#add_header content-security-policy "form-action 'self'; default-src 'self'; img-src 'self' data: https://www.gravatar.com; style-src 'self' 'unsafe-inline'; script-src 'self'; base-uri 'none'; frame-src https://media.ccc.de 'self'";
|
||||
}
|
||||
|
||||
location /media/ {
|
||||
alias /opt/pretalx/data/media/;
|
||||
add_header Content-Disposition 'attachment; filename="$1"';
|
||||
|
@ -11,7 +25,3 @@
|
|||
expires 365d;
|
||||
add_header Cache-Control "public";
|
||||
}
|
||||
|
||||
# https://github.com/pretalx/pretalx-media-ccc-de/issues/1
|
||||
proxy_hide_header content-security-policy;
|
||||
add_header content-security-policy "form-action 'self'; default-src 'self'; img-src 'self' data: https://www.gravatar.com; style-src 'self' 'unsafe-inline'; script-src 'self'; base-uri 'none'; frame-src https://media.ccc.de";
|
||||
|
|
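Review bot: In the new `location /` block the replacement header is commented out (`#add_header content-security-policy …`) while `proxy_hide_header content-security-policy;` stays active, so as written nginx strips whatever policy pretalx sends and adds none of its own. Unless a policy is set somewhere not visible on this page, responses from Django would go out without any CSP, which is the opposite of what the commit title describes. Either drop the leading `#` from the `add_header` line, or remove the `proxy_hide_header` line so the upstream policy passes through; adding the `always` parameter to `add_header` would also cover error responses. The `/media/` block already declares its own `add_header` directives, so by nginx's inheritance rule it likely never received the outer policy, and the regression risk is confined to the proxied location.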