authorRigel Kent <par@rigelk.eu>2018-12-13 09:49:45 +0100
committerChocobozzz <me@florianbigard.com>2018-12-13 09:49:45 +0100
commit5e755fff9d70a7fd3c4f85bb524f1b774dd85b25 (patch)
tree699a0724de91f4151ec7d67b700f5b7736a78e45 /config
parent9ecac97be024cf2277872986950d7eec85cbc76e (diff)
downloadPeerTube-5e755fff9d70a7fd3c4f85bb524f1b774dd85b25.tar.gz
PeerTube-5e755fff9d70a7fd3c4f85bb524f1b774dd85b25.tar.zst
PeerTube-5e755fff9d70a7fd3c4f85bb524f1b774dd85b25.zip
add Content Security Policy (#1252)
* add Content Security Policy * remove reflect-metadata on production builds to get rid of unsafe-eval * fix baseCSP usage * add SRI to CSP * add blob: to media-src * remove SRI * CSP set to reportOnly * adding data: to connect-src CSP * remove block-all-mixed-content * add report-uri support
Diffstat (limited to 'config')
-rw-r--r--config/default.yaml2
-rw-r--r--config/production.yaml.example2
2 files changed, 4 insertions, 0 deletions
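--- a/config/default.yaml
+++ b/config/default.yaml
@@ -163,6 +163,8 @@ instance:
 "# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md\nContact: mailto:"
 
 services:
+ # You can provide a reporting endpoint for Content Security Policy violations
+ csp-logger:
  # Cards configuration to format video in Twitter
  twitter:
  username: '@Chocobozzz' # Indicates the Twitter account for the website or platform on which the content was published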
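Review bot: `csp-logger:` is added with a bare empty value, so it loads as null, and the comment above it says neither what form the value takes nor what happens when it is left unset; the same applies to the matching hunk in config/production.yaml.example. I would spell the contract out in the comment, for example `# Full URL that browsers send Content Security Policy violation reports to (report-uri); leave unset to disable reporting`, and write the default explicitly as `csp-logger: null` so the empty state is deliberate rather than a YAML accident. The commit description says the policy is report-only, so with no endpoint configured violations presumably surface only in each visitor's browser console and the operator sees nothing; that is worth stating in the comment too. It would also help to note that the reports carry the visited page URL and the blocked resource URL, so an operator pointing this at a third-party collector is sharing that data. The `services:` mapping continues outside the hunk, and the code that reads this key is not visible here, so the null handling should be confirmed there.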
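--- a/config/production.yaml.example
+++ b/config/production.yaml.example
@@ -177,6 +177,8 @@ instance:
 "# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md\nContact: mailto:"
 
 services:
+ # You can provide a reporting endpoint for Content Security Policy violations
+ csp-logger:
  # Cards configuration to format video in Twitter
  twitter:
  username: '@Chocobozzz' # Indicates the Twitter account for the website or platform on which the content was published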