From f7cfd13d5a5a3b8a382ca3a242e5a931514f11fb Mon Sep 17 00:00:00 2001
From: Kevin Veen-Birkenbach
Date: Thu, 15 May 2025 11:31:30 +0200
Subject: [PATCH] Added more CSP Configurations for services running on veen.world
---
 roles/docker-espocrm/vars/configuration.yml | 3 ++-
 roles/docker-gitea/vars/configuration.yml | 14 +++++++++++++-
 roles/docker-matrix-compose/vars/configuration.yml | 8 +++++++-
 roles/docker-moodle/vars/configuration.yml | 13 ++++++++++++-
 roles/docker-nextcloud/vars/configuration.yml | 2 +-
 roles/docker-pixelfed/vars/configuration.yml | 9 ++++++++-
 roles/docker-taiga/vars/configuration.yml | 8 ++++++++
 roles/docker-wordpress/vars/configuration.yml | 4 +++-
 8 files changed, 54 insertions(+), 7 deletions(-)
diff --git a/roles/docker-espocrm/vars/configuration.yml b/roles/docker-espocrm/vars/configuration.yml
index 668a7b68..cc11016d 100644
--- a/roles/docker-espocrm/vars/configuration.yml
+++ b/roles/docker-espocrm/vars/configuration.yml
@@ -15,4 +15,5 @@ features:
 csp:
 flags:
 script-src:
- unsafe-inline: true
\ No newline at end of file
+ unsafe-inline: true
+ unsafe-eval: true
\ No newline at end of file
diff --git a/roles/docker-gitea/vars/configuration.yml b/roles/docker-gitea/vars/configuration.yml
index 669269a3..479f66a2 100644
--- a/roles/docker-gitea/vars/configuration.yml
+++ b/roles/docker-gitea/vars/configuration.yml
@@ -8,4 +8,16 @@ features:
 matomo: true
 css: true
 landingpage_iframe: true
- central_database: true
\ No newline at end of file
+ central_database: true
+csp:
+ flags:
+ script-src:
+ unsafe-inline: true
+ style-src:
+ unsafe-inline: true
+ whitelist:
+ font-src:
+ - "data:"
+ - "blob:"
+ worker-src:
+ - "blob:"
\ No newline at end of file
diff --git a/roles/docker-matrix-compose/vars/configuration.yml b/roles/docker-matrix-compose/vars/configuration.yml
index 4ab2290c..fa589784 100644
--- a/roles/docker-matrix-compose/vars/configuration.yml
+++ b/roles/docker-matrix-compose/vars/configuration.yml
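Review bot: Nothing on the new `unsafe-eval: true` line in the espocrm hunk records why EspoCRM needs it, and with `unsafe-inline: true` already set in the same `script-src` mapping the policy no longer restricts inline or string-evaluated script for this origin. That makes the CSP a weak second layer against XSS for this service, so the exception should at least be traceable and easy to retire. I would add a comment above the new line such as `# unsafe-eval: required by <component>; drop once <upstream issue> is resolved`. The same undocumented `unsafe-inline` plus `unsafe-eval` pair appears in the new `csp` blocks for moodle, pixelfed and taiga. The enclosing `csp` mapping starts above this hunk, so any existing justification there is not visible here.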
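Review bot: `script-src: unsafe-inline` in the new gitea `csp` block should be confirmed as actually required rather than enabled alongside `style-src`, since Gitea displays user-supplied content and `script-src` is the directive that limits what an injected inline script can do. If only inline styles violate the policy, keeping `style-src: unsafe-inline: true` and leaving the `script-src` flag out would preserve most of the protection. If it is needed, a comment such as `# script-src unsafe-inline: needed by <feature>, observed as a CSP violation in the browser console` would let a later reviewer re-test it. The matrix-compose hunk adds the same two flags with the same gap.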
@@ -15,4 +15,10 @@ features:
 css: true
 landingpage_iframe: false
 oidc: false # Deactivated OIDC due to this issue https://github.com/matrix-org/synapse/issues/10492
- central_database: true
\ No newline at end of file
+ central_database: true
+csp:
+ flags:
+ script-src:
+ unsafe-inline: true
+ style-src:
+ unsafe-inline: true
\ No newline at end of file
diff --git a/roles/docker-moodle/vars/configuration.yml b/roles/docker-moodle/vars/configuration.yml
index 260d995e..a8230ecc 100644
--- a/roles/docker-moodle/vars/configuration.yml
+++ b/roles/docker-moodle/vars/configuration.yml
@@ -8,4 +8,15 @@ features:
 matomo: true
 css: true
 landingpage_iframe: false
- central_database: true
\ No newline at end of file
+ central_database: true
+csp:
+ flags:
+ script-src:
+ unsafe-inline: true
+ unsafe-eval: true
+ style-src:
+ unsafe-inline: true
+ whitelist:
+ font-src:
+ - "data:"
+ - "blob:"
\ No newline at end of file
diff --git a/roles/docker-nextcloud/vars/configuration.yml b/roles/docker-nextcloud/vars/configuration.yml
index 5cea6e2f..76e646e7 100644
--- a/roles/docker-nextcloud/vars/configuration.yml
+++ b/roles/docker-nextcloud/vars/configuration.yml
@@ -9,7 +9,7 @@ csp:
 unsafe-inline: true
 whitelist:
 font-src:
- - data:
+ - "data:"
 oidc:
 enabled: "{{ applications.nextcloud.features.oidc | default(true) }}" # Activate OIDC for Nextcloud
 # floavor decides which OICD plugin should be used.
diff --git a/roles/docker-pixelfed/vars/configuration.yml b/roles/docker-pixelfed/vars/configuration.yml
index 0ec398f2..ade17b9d 100644
--- a/roles/docker-pixelfed/vars/configuration.yml
+++ b/roles/docker-pixelfed/vars/configuration.yml
@@ -4,4 +4,11 @@ features:
 matomo: true
 css: true
 landingpage_iframe: false
- central_database: true
\ No newline at end of file
+ central_database: true
+csp:
+ flags:
+ script-src:
+ unsafe-inline: true
+ unsafe-eval: true
+ style-src:
+ unsafe-inline: true
\ No newline at end of file
diff --git a/roles/docker-taiga/vars/configuration.yml b/roles/docker-taiga/vars/configuration.yml
index 038e3ee7..9f2825d9 100644
--- a/roles/docker-taiga/vars/configuration.yml
+++ b/roles/docker-taiga/vars/configuration.yml
@@ -12,3 +12,11 @@ features:
 landingpage_iframe: false
 oidc: false
 central_database: true
+
+csp:
+ flags:
+ script-src:
+ unsafe-inline: true
+ unsafe-eval: true
+ style-src:
+ unsafe-inline: true
\ No newline at end of file
diff --git a/roles/docker-wordpress/vars/configuration.yml b/roles/docker-wordpress/vars/configuration.yml
index 2ba93662..a4bf56e6 100644
--- a/roles/docker-wordpress/vars/configuration.yml
+++ b/roles/docker-wordpress/vars/configuration.yml
@@ -24,4 +24,6 @@ csp:
 unsafe-inline: true
 whitelist:
 worker-src:
- - blob:
\ No newline at end of file
+ - "blob:"
+ font-src:
+ - "data:"
\ No newline at end of file