optimized CSP for peertube

2025-07-26 18:21:09 +02:00 · 2025-06-30 18:10:19 +02:00 · 2025-06-30 18:10:19 +02:00 · 925f20f1e1
commit 925f20f1e1
parent 02d478186c
3 changed files with 6 additions and 0 deletions
--- a/filter_plugins/csp_filters.py
+++ b/filter_plugins/csp_filters.py
@ -96,6 +96,7 @@ class FilterModule(object):
                'font-src',
                'worker-src',
                'manifest-src',
+                'media-src',
            ]
            parts = []

--- a/roles/docker-peertube/vars/configuration.yml
+++ b/roles/docker-peertube/vars/configuration.yml
@ -16,6 +16,10 @@ csp:
  whitelist:
    frame-ancestors:
      - "*"
+    media-src:
+      - "blob:"
+    font-src:
+      - "data:"
 domains:
  canonical:
    - "video.{{ primary_domain }}"
--- a/tests/integration/test_csp_configuration_consistency.py
+++ b/tests/integration/test_csp_configuration_consistency.py
@ -15,6 +15,7 @@ class TestCspConfigurationConsistency(unittest.TestCase):
        'font-src',
        'worker-src',
        'manifest-src',
+        'media-src'
    }
    SUPPORTED_FLAGS = {'unsafe-eval', 'unsafe-inline'}