kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-10-10 18:58:10 +02:00
Code Issues Packages Projects Releases Wiki Activity

Solved CSP bugs for echoserver

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach
2025-06-10 18:25:39 +02:00
parent 90e9e00205
commit 2541cc1c91
6 changed files with 11 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
filter_plugins/csp_filters.py
View File

@@ -128,7 +128,7 @@ class FilterModule(object):
): ):
domain = domains.get('portfolio')[0] domain = domains.get('portfolio')[0]
sld_tld = ".".join(domain.split(".")[-2:]) # yields "example.com" sld_tld = ".".join(domain.split(".")[-2:]) # yields "example.com"
tokens.append(f"{sld_tld}") # yields "*.example.com" tokens.append(f"{sld_tld}") # yields "*.example.com"
# whitelist # whitelist
tokens += self.get_csp_whitelist(applications, application_id, directive) tokens += self.get_csp_whitelist(applications, application_id, directive)

2
roles/docker-espocrm/vars/configuration.yml
View File

@@ -20,6 +20,8 @@ csp:
unsafe-eval: true unsafe-eval: true
style-src: style-src:
unsafe-inline: true unsafe-inline: true
script-src:
unsafe-eval: true
whitelist: whitelist:
connect-src: connect-src:
- wss://espocrm.{{ primary_domain }} - wss://espocrm.{{ primary_domain }}

3
roles/docker-matomo/vars/configuration.yml
View File

@@ -13,11 +13,14 @@ csp:
style-src: style-src:
- https://fonts.googleapis.com - https://fonts.googleapis.com
flags: flags:
script-src:
unsafe-eval: true
script-src-elem: script-src-elem:
unsafe-inline: true unsafe-inline: true
unsafe-eval: true unsafe-eval: true
style-src: style-src:
unsafe-inline: true unsafe-inline: true
unsafe-eval: true
domains: domains:
aliases: aliases:
- "analytics.{{ primary_domain }}" - "analytics.{{ primary_domain }}"

2
roles/docker-peertube/vars/configuration.yml
View File

@@ -7,6 +7,8 @@ features:
oidc: true oidc: true
csp: csp:
flags: flags:
script-src-elem:
unsafe-inline: true
script-src: script-src:
unsafe-inline: true unsafe-inline: true
style-src: style-src:

2
roles/docker-sphinx/vars/configuration.yml
View File

@@ -4,6 +4,8 @@ features:
portfolio_iframe: false portfolio_iframe: false
csp: csp:
flags: flags:
script-src:
unsafe-eval: true
script-src-elem: script-src-elem:
unsafe-inline: true unsafe-inline: true
unsafe-eval: true unsafe-eval: true

2
roles/nginx-modifier-matomo/tasks/main.yml
View File

@@ -77,7 +77,7 @@
(application_id): { (application_id): {
'csp': { 'csp': {
'hashes': { 'hashes': {
'script-src': ( 'script-src-elem': (
applications[application_id]['csp']['hashes'].get('script-src', []) applications[application_id]['csp']['hashes'].get('script-src', [])
+ [ matomo_tracking_code_one_liner ] + [ matomo_tracking_code_one_liner ]
) )