Optimized more CSP policies

filter_plugins/csp_filters.py

@@ -91,7 +91,8 @@ class FilterModule(object):
                 'frame-src',
                 'script-src',
                 'style-src',
-                'font-src'
+                'font-src',
+                'worker-src',
             ]
             parts = []
 

roles/docker-nextcloud/vars/configuration.yml

@@ -5,6 +5,11 @@ csp:
   flags:
     style-src:
       unsafe-inline: true
+    script-src:
+      unsafe-inline: true
+  whitelist:
+    font-src:
+      - data:
 oidc:
   enabled:                    "{{ applications.nextcloud.features.oidc | default(true) }}"      # Activate OIDC for Nextcloud
   # floavor decides which OICD plugin should be used. 

roles/docker-portfolio/vars/configuration.yml

@@ -17,5 +17,5 @@ csp:
     frame-src:
       - "{{ web_protocol }}://*.{{primary_domain}}"
   flags:
-    style-src-elem:
+    style-src:
       unsafe-inline: true

roles/docker-wordpress/vars/configuration.yml

@@ -22,3 +22,6 @@ csp:
       unsafe-inline: true
     script-src:
       unsafe-inline: true
+  whitelist:
+    worker-src:
+      - blob: