From fd698e9cc6cc26266aa517ca8bee6e1ef8b71521 Mon Sep 17 00:00:00 2001
From: Kevin Veen-Birkenbach
Date: Thu, 15 May 2025 15:11:55 +0200
Subject: [PATCH] Optimized CSP policies
---
 roles/docker-matrix-compose/vars/configuration.yml | 7 ++++---
 roles/docker-wordpress/vars/configuration.yml | 6 +++++-
 2 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/roles/docker-matrix-compose/vars/configuration.yml b/roles/docker-matrix-compose/vars/configuration.yml
index 789d5244..c0c35b27 100644
--- a/roles/docker-matrix-compose/vars/configuration.yml
+++ b/roles/docker-matrix-compose/vars/configuration.yml
@@ -20,12 +20,13 @@ csp:
 flags:
 script-src:
 unsafe-inline: true
+ unsafe-eval: true
 style-src:
 unsafe-inline: true
 whitelist:
 connect-src:
- - "{{ domains.element }}"
+ - "{{ primary_domain }}"
 - "{{ domains.synapse }}"
 script-src:
- - "{{ domains.element }}"
- - "{{ domains.synapse }}"
+ - "{{ domains.synapse }}"
+ - "https://cdn.jsdelivr.net"
diff --git a/roles/docker-wordpress/vars/configuration.yml b/roles/docker-wordpress/vars/configuration.yml
index cdb3d999..c669ea23 100644
--- a/roles/docker-wordpress/vars/configuration.yml
+++ b/roles/docker-wordpress/vars/configuration.yml
@@ -30,4 +30,8 @@ csp:
 - "data:"
 script-src:
 - "https://cdn.gtranslate.net"
- - "{{ domains.wordpress }}"
\ No newline at end of file
+ - "{{ domains.wordpress[0] }}"
+ frame-src:
+ - "{{ domains.peertube }}"
+ style-src:
+ - "https://fonts.bunny.net"
\ No newline at end of file
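Review bot: Adding `unsafe-eval: true` beside the existing `unsafe-inline: true` under `flags.script-src`, and whitelisting the whole `https://cdn.jsdelivr.net` origin under `whitelist.script-src`, leaves this script-src with very little XSS protection: inline script and eval are both allowed, and jsDelivr is an open CDN that serves any public npm or GitHub package, so every file hosted there becomes a permitted script source. If eval is needed only for WebAssembly (presumably Element's crypto module; that cannot be confirmed from the hunk), the narrower CSP keyword `'wasm-unsafe-eval'` would suffice, provided the role's CSP template can emit it. For the CDN, self-host the script or narrow the source to a path such as `https://cdn.jsdelivr.net/npm/<package>@<version>/`, and at minimum record the reason next to the flag with a comment like `# unsafe-eval: required by <component>; revisit when upstream drops it`. The `csp` mapping starts above the hunk, so its other directives are not visible here.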
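Review bot: The new `frame-src` entry renders `"{{ domains.peertube }}"` as a scalar, while the same hunk changes the script-src entry from `domains.wordpress` to `domains.wordpress[0]`, which suggests that values under `domains` can be lists (its definition is not part of this patch). If `domains.peertube` is or later becomes a list, Jinja will render the list representation into the header and the browser will discard the invalid source, so the frame is blocked without any template error; `- "{{ domains.peertube[0] }}"` or a shared filter that normalises both shapes would keep the entries consistent. Indexing `[0]` also whitelists only the first WordPress domain, so scripts served from any further domain of this role are blocked unless `'self'` is emitted elsewhere. The `style-src` entry for `https://fonts.bunny.net` probably needs a matching `font-src` entry for the font files themselves; the rest of the `whitelist` mapping lies above the hunk, so check whether one already exists.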