author | Rigel Kent <par@rigelk.eu> | 2018-12-13 09:49:45 +0100 |
---|---|---|
committer | Chocobozzz <me@florianbigard.com> | 2018-12-13 09:49:45 +0100 |
commit | 5e755fff9d70a7fd3c4f85bb524f1b774dd85b25 (patch) | |
tree | 699a0724de91f4151ec7d67b700f5b7736a78e45 /config | |
parent | 9ecac97be024cf2277872986950d7eec85cbc76e (diff) | |
add Content Security Policy (#1252)
* add Content Security Policy
* remove reflect-metadata on production builds to get rid of unsafe-eval
* fix baseCSP usage
* add SRI to CSP
* add blob: to media-src
* remove SRI
* CSP set to reportOnly
* adding data: to connect-src CSP
* remove block-all-mixed-content
* add report-uri support
Diffstat (limited to 'config')
-rw-r--r-- | config/default.yaml | 2 | ||||
-rw-r--r-- | config/production.yaml.example | 2 |
2 files changed, 4 insertions, 0 deletions
diff --git a/config/default.yaml b/config/default.yaml index 080638a13..5fdb41250 100644 --- a/config/default.yaml +++ b/config/default.yaml | |||
@@ -163,6 +163,8 @@ instance: | |||
163 | "# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md\nContact: mailto:" | 163 | "# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md\nContact: mailto:" |
164 | 164 | ||
165 | services: | 165 | services: |
166 | # You can provide a reporting endpoint for Content Security Policy violations | ||
167 | csp-logger: | ||
166 | # Cards configuration to format video in Twitter | 168 | # Cards configuration to format video in Twitter |
167 | twitter: | 169 | twitter: |
168 | username: '@Chocobozzz' # Indicates the Twitter account for the website or platform on which the content was published | 170 | username: '@Chocobozzz' # Indicates the Twitter account for the website or platform on which the content was published |
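Review bot: the new `csp-logger:` key under `services:` has no value, so YAML loads it as null, and the comment above it does not say what form the value should take. Please state in the comment whether a full URL is expected and what an empty value means, and consider an explicit empty default such as `csp-logger: ''` so the code reading it does not have to tell an unset key from a null one. Since the commit message says the policy is set to report-only, it is also worth saying here that this endpoint only receives violation reports.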
diff --git a/config/production.yaml.example b/config/production.yaml.example index 770bb97da..c0dbf64b6 100644 --- a/config/production.yaml.example +++ b/config/production.yaml.example | |||
@@ -177,6 +177,8 @@ instance: | |||
177 | "# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md\nContact: mailto:" | 177 | "# If you would like to report a security issue\n# you may report it to:\nContact: https://github.com/Chocobozzz/PeerTube/blob/develop/SECURITY.md\nContact: mailto:" |
178 | 178 | ||
179 | services: | 179 | services: |
180 | # You can provide a reporting endpoint for Content Security Policy violations | ||
181 | csp-logger: | ||
180 | # Cards configuration to format video in Twitter | 182 | # Cards configuration to format video in Twitter |
181 | twitter: | 183 | twitter: |
182 | username: '@Chocobozzz' # Indicates the Twitter account for the website or platform on which the content was published | 184 | username: '@Chocobozzz' # Indicates the Twitter account for the website or platform on which the content was published |
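Review bot: in `production.yaml.example`, the file administrators copy and edit, `csp-logger:` is left blank with only a one-line comment and no sample value. A commented-out example of the expected format next to the key would make it clear what to fill in, and the comment should say that leaving it blank is a supported choice if that is the intent. Keep the wording identical to `config/default.yaml` so the two files do not drift.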