
templates: Add CSP headers

master
Felix 4 months ago
parent
commit
334e1e78cf
  1. 2
      defaults/main.yml
  2. 6
      templates/syncthing-web.conf.j2

2
defaults/main.yml

@ -15,3 +15,5 @@ syncthing_relay_rate: 500000
syncthing_override_config_xml: false
syncthing_user: "syncthing"
syncthing_csp_report_uri: "{{csp_report_uri}}"
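Review bot: The new default `syncthing_csp_report_uri: "{{csp_report_uri}}"` depends on a variable that is not defined in the lines shown here, so a playbook that never sets `csp_report_uri` would presumably fail with an undefined-variable error when the nginx template renders. Document the requirement next to the default, for example `# csp_report_uri must be set in the inventory; browsers send CSP violation reports to this URL`. Alternatively, have the template omit the reporting directives when the value is empty.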

6
templates/syncthing-web.conf.j2

@ -17,6 +17,12 @@ server {
ssl_certificate_key /etc/dehydrated/certs/{{syncthing_cert_domain}}/privkey.pem;
include /etc/nginx/snippets/tls.conf;
# CSP - Content Security Police headers
# TODO revisit this
# https://forum.syncthing.net/t/content-security-policy-and-visual-artifact-when-proxying-gui-with-nginx/14847
add_header Report-To "{ 'group': 'default-csp', 'max_age': 10886400, 'endpoints': [ { 'url': '{{syncthing_csp_report_uri}}' } ] }";
add_header Content-Security-Policy-Report-Only "default-src 'self'; connect-src 'self'; font-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; report-uri {{syncthing_csp_report_uri}}; report-to default-csp;";
access_log off;
error_log off;
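Review bot: The `Report-To` value in the added `add_header` line is not valid JSON because its keys and strings use single quotes; browsers parse this header as JSON and will likely discard it, leaving `report-to default-csp` with no group to resolve (the `report-uri` fallback is unaffected). Swap the quoting so nginx uses single quotes and the JSON uses double quotes: `add_header Report-To '{"group":"default-csp","max_age":10886400,"endpoints":[{"url":"{{syncthing_csp_report_uri}}"}]}' always;`. Neither header carries `always`, so nginx leaves them off 4xx/5xx responses, and any `location` block in this server (its body continues outside the hunk) that declares its own `add_header` will not inherit them. The comment should read "Content Security Policy", and it is worth stating there that `Content-Security-Policy-Report-Only` only reports and blocks nothing, so `'unsafe-eval'` and `'unsafe-inline'` still need tightening before the policy is enforced.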
