From 8b5c61953e312acbcd56da151cf5174fcd7ae7fd Mon Sep 17 00:00:00 2001
From: Kevin Veen-Birkenbach
Date: Wed, 18 Jun 2025 14:29:16 +0200
Subject: [PATCH] Solved CSP bugs
---
.../templates/discourse_application.yml.j2 | 18 +++++++++---------
roles/docker-matrix/vars/configuration.yml | 5 +++--
roles/docker-taiga/vars/configuration.yml | 2 ++
roles/docker-wordpress/vars/configuration.yml | 4 +++-
4 files changed, 17 insertions(+), 12 deletions(-)
diff --git a/roles/docker-discourse/templates/discourse_application.yml.j2 b/roles/docker-discourse/templates/discourse_application.yml.j2
index 825c99e8..bfe5c066 100644
--- a/roles/docker-discourse/templates/discourse_application.yml.j2
+++ b/roles/docker-discourse/templates/discourse_application.yml.j2
@@ -102,15 +102,15 @@ hooks: - exec: cd: $home/plugins cmd: - - git clone https://github.com/discourse/docker_manager.git - - git clone https://github.com/discourse/discourse-activity-pub.git - - git clone https://github.com/discourse/discourse-calendar.git - - git clone https://github.com/discourse/discourse-akismet.git - - git clone https://github.com/discourse/discourse-cakeday.git - - git clone https://github.com/discourse/discourse-solved.git - - git clone https://github.com/discourse/discourse-voting.git - - git clone https://github.com/discourse/discourse-oauth2-basic.git - - git clone https://github.com/discourse/discourse-openid-connect.git + - git clone --depth=1 https://github.com/discourse/docker_manager.git + - git clone --depth=1 https://github.com/discourse/discourse-activity-pub.git + - git clone --depth=1 https://github.com/discourse/discourse-calendar.git + - git clone --depth=1 https://github.com/discourse/discourse-akismet.git + - git clone --depth=1 https://github.com/discourse/discourse-cakeday.git + - git clone --depth=1 https://github.com/discourse/discourse-solved.git + - git clone --depth=1 https://github.com/discourse/discourse-voting.git + - git clone --depth=1 https://github.com/discourse/discourse-oauth2-basic.git + - git clone --depth=1 https://github.com/discourse/discourse-openid-connect.git ## Any custom commands to run after building run: diff --git a/roles/docker-matrix/vars/configuration.yml b/roles/docker-matrix/vars/configuration.yml index 2d049206..5c5265e6 100644 --- a/roles/docker-matrix/vars/configuration.yml +++ b/roles/docker-matrix/vars/configuration.yml @@ -20,6 +20,8 @@ features: central_database: true csp: flags: + script-src: + unsafe-eval: true script-src-elem: unsafe-inline: true unsafe-eval: true @@ -27,8 +29,7 @@ csp: unsafe-inline: true whitelist: connect-src: - - "{{ primary_domain }}" - - "matrix.{{ primary_domain }}" + - "*" script-src-elem: - "element.{{ primary_domain }}" - "https://cdn.jsdelivr.net" 
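Review bot: The nine `git clone --depth=1` commands under `cmd:` still fetch whatever each plugin's default branch points to at build time, so a rebuild can pull in unreviewed or tampered upstream code without any change in this repository. Where a plugin publishes tags, pinning works with the shallow clone, e.g. `git clone --depth=1 --branch <PINNED_TAG> https://github.com/discourse/discourse-solved.git`; otherwise record the expected commit and compare it with `git rev-parse HEAD` after the clone. The hunk is also unrelated to the CSP subject of the commit, which makes it easy to overlook in review.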
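Review bot: `script-src: unsafe-eval: true` is added without a comment saying which component needs it, here and again in the `roles/docker-taiga/vars/configuration.yml` hunk. `eval()` is governed by `script-src`, so this is the flag that actually permits string-to-code evaluation, and in this file it sits next to `unsafe-inline` on `script-src-elem`, leaving the policy little power against injected script. A comment such as `# required by <COMPONENT>; remove once it no longer calls eval()` above each flag would let a later reader tell whether it can be dropped. Both `flags:` blocks begin outside their hunks.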
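Review bot: Replacing the two `connect-src` hosts with `"*"` lets any script running on the page send requests to any origin, so the `unsafe-inline` and `unsafe-eval` script flags in the same file no longer have a network boundary behind them if script is ever injected. If the client has to reach homeservers on other domains, that reason belongs in a comment. The list could presumably be narrowed to schemes, `- "https:"` and `- "wss:"`, assuming the template passes scheme sources through as it appears to for `"data:"` in the WordPress role. Otherwise keep `"{{ primary_domain }}"` and `"matrix.{{ primary_domain }}"` and add only the hosts that were missing.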
diff --git a/roles/docker-taiga/vars/configuration.yml b/roles/docker-taiga/vars/configuration.yml index 26801aa2..52f2511a 100644 --- a/roles/docker-taiga/vars/configuration.yml +++ b/roles/docker-taiga/vars/configuration.yml @@ -20,6 +20,8 @@ csp: unsafe-eval: true style-src: unsafe-inline: true + script-src: + unsafe-eval: true domains: canonical: - "kanban.{{ primary_domain }}" \ No newline at end of file diff --git a/roles/docker-wordpress/vars/configuration.yml b/roles/docker-wordpress/vars/configuration.yml index 25c40db0..788d3e05 100644 --- a/roles/docker-wordpress/vars/configuration.yml +++ b/roles/docker-wordpress/vars/configuration.yml @@ -16,6 +16,7 @@ features: portfolio_iframe: false oidc: true central_database: true +version: latest csp: flags: style-src: @@ -31,7 +32,8 @@ csp: - "data:" - "https://fonts.bunny.net" script-src-elem: - - "https://cdn.gtranslate.net" + - "https://cdn.gtranslate.net" # Necessary for translation plugins + - "https://translate.google.com" # Necessary for translation plugins - "blog.{{ primary_domain }}" style-src: - "https://fonts.bunny.net"
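Review bot: `version: latest` leaves the deployed release to whatever is served at pull time; the key is presumably used as the image tag, though its consumer is not visible in this hunk. That makes deployments non-reproducible and lets an upstream change land without review. A pinned value such as `version: "<PINNED_VERSION>"` (quoted so YAML does not read it as a number) avoids both. The line is also unrelated to the CSP change named in the subject.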
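Review bot: The two `script-src-elem` hosts are allowed for every WordPress deployment, whether or not a translation plugin is installed, and each allowed host can serve script that runs in the blog's origin. The trailing comments would help more if they named the plugin, e.g. `# required by <PLUGIN_NAME>; remove together with the plugin`. The entries could also be made conditional on a flag like those under `features:`, if the template supports that.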