nodes/voc.pretalx: only set content-security-policy for requests to django itself, not for media and static endpoints
All checks were successful
bundlewrap/pipeline/head This commit looks good
parent
24f04e59aa
commit
fd63d3d857
2 changed files with 14 additions and 9 deletions
|
@ -1,3 +1,17 @@
|
||||||
|
location / {
|
||||||
|
proxy_pass http://127.0.0.1:22060/;
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_set_header Host pretalx.c3voc.de;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto HTTPS;
|
||||||
|
proxy_set_header X-Forwarded-Host pretalx.c3voc.de;
|
||||||
|
proxy_buffering off;
|
||||||
|
|
||||||
|
# https://github.com/pretalx/pretalx-media-ccc-de/issues/1
|
||||||
|
proxy_hide_header content-security-policy;
|
||||||
|
#add_header content-security-policy "form-action 'self'; default-src 'self'; img-src 'self' data: https://www.gravatar.com; style-src 'self' 'unsafe-inline'; script-src 'self'; base-uri 'none'; frame-src https://media.ccc.de 'self'";
|
||||||
|
}
|
||||||
|
|
||||||
location /media/ {
|
location /media/ {
|
||||||
alias /opt/pretalx/data/media/;
|
alias /opt/pretalx/data/media/;
|
||||||
add_header Content-Disposition 'attachment; filename="$1"';
|
add_header Content-Disposition 'attachment; filename="$1"';
|
||||||
|
@ -11,7 +25,3 @@
|
||||||
expires 365d;
|
expires 365d;
|
||||||
add_header Cache-Control "public";
|
add_header Cache-Control "public";
|
||||||
}
|
}
|
||||||
|
|
||||||
# https://github.com/pretalx/pretalx-media-ccc-de/issues/1
|
|
||||||
proxy_hide_header content-security-policy;
|
|
||||||
add_header content-security-policy "form-action 'self'; default-src 'self'; img-src 'self' data: https://www.gravatar.com; style-src 'self' 'unsafe-inline'; script-src 'self'; base-uri 'none'; frame-src https://media.ccc.de";
|
|
||||||
|
|
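Review bot: In the new `location /` block, `proxy_hide_header content-security-policy;` is active while the `add_header content-security-policy …` line meant to replace it is commented out, so as far as this file shows, responses from Django go out with no Content-Security-Policy at all, which is the opposite of what the commit title describes. Either re-enable the `add_header` line (keeping the new `'self'` in `frame-src`) or drop the `proxy_hide_header` so that pretalx's own policy reaches the browser. When the header is re-enabled, consider appending `always`, because without it nginx adds the header only to a fixed set of success and redirect status codes and error pages would be served without a policy. If the header is disabled on purpose, a comment next to it such as `# CSP disabled on purpose until the issue above is resolved` would make that clear to the next reader. The surrounding server block is outside this section, so a policy set elsewhere cannot be ruled out.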
|
@ -37,11 +37,6 @@ nodes['voc.pretalx'] = {
|
||||||
'domain': 'pretalx.c3voc.de',
|
'domain': 'pretalx.c3voc.de',
|
||||||
# pretalx limits this to 10M per file, too
|
# pretalx limits this to 10M per file, too
|
||||||
'max_body_size': '100M',
|
'max_body_size': '100M',
|
||||||
'proxy': {
|
|
||||||
'/': {
|
|
||||||
'target': 'http://127.0.0.1:22060/',
|
|
||||||
},
|
|
||||||
},
|
|
||||||
'extras': True,
|
'extras': True,
|
||||||
'website_check_path': '/orga/login/',
|
'website_check_path': '/orga/login/',
|
||||||
'website_check_string': ':: pretalx',
|
'website_check_string': ':: pretalx',
|
||||||
|
|