add Content Security Policy (#1252)

* add Content Security Policy * remove reflect-metadata on production builds to get rid of unsafe-eval * fix baseCSP usage * add SRI to CSP * add blob: to media-src * remove SRI * CSP set to reportOnly * adding data: to connect-src CSP * remove block-all-mixed-content * add report-uri support
author: Rigel Kent <par@rigelk.eu> 2018-12-13 09:49:45 +0100
committer: Chocobozzz <me@florianbigard.com> 2018-12-13 09:49:45 +0100
commit: 5e755fff9d70a7fd3c4f85bb524f1b774dd85b25 (patch)
tree: 699a0724de91f4151ec7d67b700f5b7736a78e45 /config/default.yaml
parent: 9ecac97be024cf2277872986950d7eec85cbc76e (diff)
download: PeerTube-5e755fff9d70a7fd3c4f85bb524f1b774dd85b25.tar.gz
PeerTube-5e755fff9d70a7fd3c4f85bb524f1b774dd85b25.tar.zst
PeerTube-5e755fff9d70a7fd3c4f85bb524f1b774dd85b25.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/config/default.yaml b/config/default.yaml
index 080638a13..5fdb41250 100644
--- a/config/default.yaml
+++ b/config/default.yaml
@@ -163,6 +163,8 @@ instance:
    "# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md\nContact: mailto:"
 services:
+  # You can provide a reporting endpoint for Content Security Policy violations
+  csp-logger:
  # Cards configuration to format video in Twitter
  twitter:
    username: '@Chocobozzz' # Indicates the Twitter account for the website or platform on which the content was published
author	Rigel Kent <par@rigelk.eu>	2018-12-13 09:49:45 +0100
committer	Chocobozzz <me@florianbigard.com>	2018-12-13 09:49:45 +0100
commit	5e755fff9d70a7fd3c4f85bb524f1b774dd85b25 (patch)
tree	699a0724de91f4151ec7d67b700f5b7736a78e45 /config/default.yaml
parent	9ecac97be024cf2277872986950d7eec85cbc76e (diff)
download	PeerTube-5e755fff9d70a7fd3c4f85bb524f1b774dd85b25.tar.gz PeerTube-5e755fff9d70a7fd3c4f85bb524f1b774dd85b25.tar.zst PeerTube-5e755fff9d70a7fd3c4f85bb524f1b774dd85b25.zip

diff --git a/config/default.yaml b/config/default.yaml index 080638a13..5fdb41250 100644 --- a/config/default.yaml +++ b/config/default.yaml
@@ -163,6 +163,8 @@ instance:
163	"# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md\nContact: mailto:"	163	"# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md\nContact: mailto:"
164		164
165	services:	165	services:
		166	# You can provide a reporting endpoint for Content Security Policy violations
		167	csp-logger:
166	# Cards configuration to format video in Twitter	168	# Cards configuration to format video in Twitter
167	twitter:	169	twitter:
168	username: '@Chocobozzz' # Indicates the Twitter account for the website or platform on which the content was published	170	username: '@Chocobozzz' # Indicates the Twitter account for the website or platform on which the content was published