Optimized CSP policies

2025-08-29 15:06:26 +02:00 · 2025-05-15 15:11:55 +02:00
parent be0da93c9c
commit fd698e9cc6
2 changed files with 9 additions and 4 deletions
--- a/roles/docker-matrix-compose/vars/configuration.yml
+++ b/roles/docker-matrix-compose/vars/configuration.yml
@@ -20,12 +20,13 @@ csp:
  flags:
    script-src:
      unsafe-inline: true
+      unsafe-eval:   true
    style-src:
      unsafe-inline: true
  whitelist:
    connect-src:
-      - "{{ domains.element }}"
+      - "{{ primary_domain }}"
      - "{{ domains.synapse }}"
    script-src:
-      - "{{ domains.element }}"
-      - "{{ domains.synapse }}"  
+      - "{{ domains.synapse }}"
+      - "https://cdn.jsdelivr.net"
--- a/roles/docker-wordpress/vars/configuration.yml
+++ b/roles/docker-wordpress/vars/configuration.yml
@@ -30,4 +30,8 @@ csp:
      - "data:"
    script-src:
      - "https://cdn.gtranslate.net"
-      - "{{ domains.wordpress }}"
+      - "{{ domains.wordpress[0] }}"
+    frame-src:
+      - "{{ domains.peertube }}"
+    style-src:
+      - "https://fonts.bunny.net"