Optimized more CSP policies

2025-05-18 10:40:33 +02:00 · 2025-05-15 11:00:13 +02:00 · 2025-05-15 11:00:13 +02:00 · 1031b61f6a
commit 1031b61f6a
parent 6b7314baac
4 changed files with 12 additions and 3 deletions
--- a/filter_plugins/csp_filters.py
+++ b/filter_plugins/csp_filters.py
@ -91,7 +91,8 @@ class FilterModule(object):
                'frame-src',
                'script-src',
                'style-src',
-                'font-src'
+                'font-src',
+                'worker-src',
            ]
            parts = []

--- a/roles/docker-nextcloud/vars/configuration.yml
+++ b/roles/docker-nextcloud/vars/configuration.yml
@ -5,6 +5,11 @@ csp:
  flags:
    style-src:
      unsafe-inline: true
+    script-src:
+      unsafe-inline: true
+  whitelist:
+    font-src:
+      - data:
 oidc:
  enabled:                    "{{ applications.nextcloud.features.oidc | default(true) }}"      # Activate OIDC for Nextcloud
  # floavor decides which OICD plugin should be used. 
--- a/roles/docker-portfolio/vars/configuration.yml
+++ b/roles/docker-portfolio/vars/configuration.yml
@ -17,5 +17,5 @@ csp:
    frame-src:
      - "{{ web_protocol }}://*.{{primary_domain}}"
  flags:
-    style-src-elem:
+    style-src:
      unsafe-inline: true
--- a/roles/docker-wordpress/vars/configuration.yml
+++ b/roles/docker-wordpress/vars/configuration.yml
@ -21,4 +21,7 @@ csp:
    style-src:
      unsafe-inline: true
    script-src:
-      unsafe-inline: true
+      unsafe-inline: true
+  whitelist:
+    worker-src:
+      - blob: