kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-10-09 18:28:10 +02:00
Code Issues Packages Projects Releases Wiki Activity

Nextcloud: extend CSP for Talk & disable keeporsweep

Browse Source 
CSP: add cloud.<PRIMARY_DOMAIN> to connect-src and frame-src (both HTTP and WS) and allow worker-src 'blob:' for web workers used by Talk/Collabora.

Apps: disable keeporsweep (installation no longer possible) and document reason.

Context: https://chatgpt.com/share/68db9f41-16ec-800f-9cdf-7530862f89aa
This commit is contained in:
Kevin Veen-Birkenbach
2025-09-30 11:15:32 +02:00
parent 26a1992d84
commit 5d42b78b3d
1 changed files with 7 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
roles/web-app-nextcloud/config/main.yml
View File

@@ -13,10 +13,14 @@ server:
- "data:"
connect-src:
- "{{ WEBSOCKET_PROTOCOL }}://collabora.{{ PRIMARY_DOMAIN }}"
- "{{ WEBSOCKET_PROTOCOL }}://cloud.{{ PRIMARY_DOMAIN }}"
- "{{ WEB_PROTOCOL }}://collabora.{{ PRIMARY_DOMAIN }}"
- "{{ WEB_PROTOCOL }}://cloud.{{ PRIMARY_DOMAIN }}"
frame-src:
- "{{ WEB_PROTOCOL }}://collabora.{{ PRIMARY_DOMAIN }}"
- "{{ WEBSOCKET_PROTOCOL }}://collabora.{{ PRIMARY_DOMAIN }}"
- "{{ WEB_PROTOCOL }}://collabora.{{ PRIMARY_DOMAIN }}"
worker-src:
- "blob:"
domains:
canonical:
- "cloud.{{ PRIMARY_DOMAIN }}"
@@ -209,7 +213,8 @@ plugins:
# enabled: false
keeporsweep:
# Nextcloud keep or sweep: helps manage and clean up files and data (https://apps.nextcloud.com/apps/keeporsweep)
enabled: true
# Deactivated because installation isn't possible anymore
enabled: false
mail:
# Nextcloud mail: integrated email client for managing mail accounts (https://apps.nextcloud.com/apps/mail)
enabled: true