Optimized CSP

roles/docker-discourse/vars/configuration.yml

@@ -11,9 +11,9 @@ features:
 csp:
   flags:
     style-src:
-      unsafe_inline: true
+      unsafe-inline: true
     script-src:
-      unsafe_inline: true
+      unsafe-inline: true
   whitelist:
     font-src:
       - "http://*.{{primary_domain}}"

roles/docker-espocrm/vars/configuration.yml

@@ -5,13 +5,14 @@ users:
     email:                "{{ users.administrator.email }}"
 
 credentials:
-#  administrator_password: # Set in inventory file
-#  database_password:      # Set in your inventory file
-
 features:
   matomo:             true
   css:                false
   landingpage_iframe: false
   ldap:               false
   oidc:               true
-  central_database:   true
+  central_database:   true
+csp:
+  flags:
+    script-src:
+      unsafe-inline: true

roles/docker-lam/vars/configuration.yml

@@ -11,4 +11,11 @@ features:
   landingpage_iframe:           true
   ldap:                         true
   central_database:             false
-  oauth2:                       false
+  oauth2:                       false
+csp:
+  flags:
+    style-src:
+      unsafe-inline: true
+    script-src:
+      unsafe-inline: true
+      unsafe-eval:   true

roles/docker-matomo/vars/configuration.yml

@@ -4,4 +4,16 @@ features:
   css:                false
   landingpage_iframe: false
   central_database:   true
-  oauth2:             false
+  oauth2:             false
+csp:
+  whitelist:
+    script-src:
+      - https://cdn.matomo.cloud
+    style-src:
+      - https://fonts.googleapis.com
+  flags:
+    script-src:
+      unsafe-inline: true
+      unsafe-eval:   true
+    style-src:
+      unsafe-inline: true

roles/docker-nextcloud/vars/configuration.yml

@@ -4,7 +4,7 @@ ldap:
 csp:
   flags:
     style-src:
-      unsafe_inline: true
+      unsafe-inline: true
 oidc:
   enabled:                    "{{ applications.nextcloud.features.oidc | default(true) }}"      # Activate OIDC for Nextcloud
   # floavor decides which OICD plugin should be used. 

roles/docker-openproject/vars/configuration.yml

@@ -16,4 +16,4 @@ features:
 csp:
   flags:
     script-src:
-      unsafe_inline: true
+      unsafe-inline: true

roles/docker-portfolio/vars/configuration.yml

@@ -16,3 +16,6 @@ csp:
       - https://ka-f.fontawesome.com
     frame-src:
       - "{{ web_protocol }}://*.{{primary_domain}}"
+  flags:
+    style-src-elem:
+      unsafe-inline: true

roles/docker-presentation/vars/configuration.yml

@@ -16,6 +16,6 @@ csp:
       - https://cdnjs.cloudflare.com
   flags:
     style-src:
-      unsafe_inline: true
+      unsafe-inline: true
     script-src:
       unsafe-eval: true

roles/docker-sphinx/vars/configuration.yml

@@ -1,4 +1,11 @@
 features:
   matomo:               true
   css:                  true
-  landingpage_iframe:   false
+  landingpage_iframe:   false
+csp:
+  flags:
+    script-src:
+      unsafe-inline:  true
+      unsafe-eval:    true
+    style-src:
+      unsafe-inline:  true

roles/docker-wordpress/vars/configuration.yml

@@ -10,10 +10,15 @@ plugins:
     enabled:          true
   activitypub:
     enabled:          true
-      
 features:
   matomo:             true
   css:                false
   landingpage_iframe: false
   oidc:               true
-  central_database:   true
+  central_database:   true
+csp:
+  flags:
+    style-src:
+      unsafe-inline: true
+    script-src:
+      unsafe-inline: true