Optimized more CSP policies

2025-08-29 15:06:26 +02:00 · 2025-05-15 11:00:13 +02:00
parent 6b7314baac
commit 1031b61f6a
4 changed files with 12 additions and 3 deletions
--- a/roles/docker-nextcloud/vars/configuration.yml
+++ b/roles/docker-nextcloud/vars/configuration.yml
@@ -5,6 +5,11 @@ csp:
  flags:
    style-src:
      unsafe-inline: true
+    script-src:
+      unsafe-inline: true
+  whitelist:
+    font-src:
+      - data:
 oidc:
  enabled:                    "{{ applications.nextcloud.features.oidc | default(true) }}"      # Activate OIDC for Nextcloud
  # floavor decides which OICD plugin should be used. 
--- a/roles/docker-portfolio/vars/configuration.yml
+++ b/roles/docker-portfolio/vars/configuration.yml
@@ -17,5 +17,5 @@ csp:
    frame-src:
      - "{{ web_protocol }}://*.{{primary_domain}}"
  flags:
-    style-src-elem:
+    style-src:
      unsafe-inline: true
--- a/roles/docker-wordpress/vars/configuration.yml
+++ b/roles/docker-wordpress/vars/configuration.yml
@@ -21,4 +21,7 @@ csp:
    style-src:
      unsafe-inline: true
    script-src:
-      unsafe-inline: true
+      unsafe-inline: true
+  whitelist:
+    worker-src:
+      - blob: