mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2025-11-08 14:17:57 +00:00
Kevin Veen-Birkenbach
57d5269b07
- Add CSP3 support for style/script: include -elem and -attr directives - Base (style-src, script-src) now unions elem/attr (CSP2/Safari fallback) - Respect explicit base disables (e.g. style-src.unsafe-inline: false) - Hashes only when 'unsafe-inline' absent in the final base tokens - Nginx: set CSP only for HTML/worker via header_filter_by_lua_block; drop for subresources - Remove per-location header_filter; keep body_filter only - Update app role flags to *-attr where appropriate; extend desktop CSS sources - Add comprehensive unit tests for union/explicit-disable/no-mirror-back Ref: https://chatgpt.com/share/68f87a0a-cebc-800f-bb3e-8c8ab4dee8ee
53 lines
1.4 KiB
YAML
53 lines
1.4 KiB
YAML
features:
|
|
matomo: true
|
|
css: false
|
|
desktop: false # @todo Solve https://chatgpt.com/c/687a50b4-8d78-800f-a202-1631aa05fd4f before setting it to true
|
|
ldap: false
|
|
oidc: true
|
|
central_database: true
|
|
logout: true
|
|
server:
|
|
csp:
|
|
flags:
|
|
script-src-elem:
|
|
unsafe-inline: true
|
|
unsafe-eval: true
|
|
script-src-attr:
|
|
unsafe-eval: true
|
|
whitelist:
|
|
connect-src:
|
|
- "{{ WEBSOCKET_PROTOCOL }}://espocrm.{{ PRIMARY_DOMAIN }}"
|
|
- "data:"
|
|
frame-src:
|
|
- https://s.espocrm.com/
|
|
domains:
|
|
aliases: []
|
|
canonical:
|
|
- espo.crm.{{ PRIMARY_DOMAIN }}
|
|
email:
|
|
from_name: "Customer Relationship Management ({{ PRIMARY_DOMAIN }})"
|
|
docker:
|
|
services:
|
|
database:
|
|
enabled: true
|
|
espocrm:
|
|
image: "espocrm/espocrm"
|
|
version: "latest"
|
|
name: "espocrm"
|
|
cpus: 1.5
|
|
mem_reservation: 1.2g
|
|
mem_limit: 2g
|
|
pids_limit: 768
|
|
daemon:
|
|
cpus: 0.5
|
|
mem_reservation: 0.25g
|
|
mem_limit: 0.5g
|
|
pids_limit: 384
|
|
websocket:
|
|
cpus: 0.5
|
|
mem_reservation: 0.25g
|
|
mem_limit: 0.5g
|
|
pids_limit: 384
|
|
volumes:
|
|
data: espocrm_data
|
|
maintenance_mode: false |