Solved CSP bugs for echoserver

2025-08-29 15:06:26 +02:00 · 2025-06-10 18:25:39 +02:00
parent 90e9e00205
commit 2541cc1c91
6 changed files with 11 additions and 2 deletions
--- a/roles/docker-espocrm/vars/configuration.yml
+++ b/roles/docker-espocrm/vars/configuration.yml
@@ -20,6 +20,8 @@ csp:
      unsafe-eval:    true
    style-src:
      unsafe-inline:  true
+    script-src:
+      unsafe-eval:    true
  whitelist:
    connect-src:
      - wss://espocrm.{{ primary_domain }}
--- a/roles/docker-matomo/vars/configuration.yml
+++ b/roles/docker-matomo/vars/configuration.yml
@@ -13,11 +13,14 @@ csp:
    style-src:
      - https://fonts.googleapis.com
  flags:
+    script-src:
+      unsafe-eval:   true
    script-src-elem:
      unsafe-inline: true
      unsafe-eval:   true
    style-src:
      unsafe-inline: true
+      unsafe-eval:   true
 domains:
  aliases:
    - "analytics.{{ primary_domain }}"
--- a/roles/docker-peertube/vars/configuration.yml
+++ b/roles/docker-peertube/vars/configuration.yml
@@ -7,6 +7,8 @@ features:
  oidc:               true
 csp:
  flags:
+    script-src-elem:
+      unsafe-inline:  true
    script-src:
      unsafe-inline:  true
    style-src:
--- a/roles/docker-sphinx/vars/configuration.yml
+++ b/roles/docker-sphinx/vars/configuration.yml
@@ -4,6 +4,8 @@ features:
  portfolio_iframe:   false
 csp:
  flags:
+    script-src:
+      unsafe-eval:    true
    script-src-elem:
      unsafe-inline:  true
      unsafe-eval:    true
--- a/roles/nginx-modifier-matomo/tasks/main.yml
+++ b/roles/nginx-modifier-matomo/tasks/main.yml
@@ -77,7 +77,7 @@
            (application_id): {
              'csp': {
                'hashes': {
-                  'script-src': (
+                  'script-src-elem': (
                    applications[application_id]['csp']['hashes'].get('script-src', [])
                    + [ matomo_tracking_code_one_liner ]
                  )