From 5e755fff9d70a7fd3c4f85bb524f1b774dd85b25 Mon Sep 17 00:00:00 2001 From: Rigel Kent Date: Thu, 13 Dec 2018 09:49:45 +0100 Subject: add Content Security Policy (#1252) * add Content Security Policy * remove reflect-metadata on production builds to get rid of unsafe-eval * fix baseCSP usage * add SRI to CSP * add blob: to media-src * remove SRI * CSP set to reportOnly * adding data: to connect-src CSP * remove block-all-mixed-content * add report-uri support --- support/docker/production/config/custom-environment-variables.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'support/docker') diff --git a/support/docker/production/config/custom-environment-variables.yaml b/support/docker/production/config/custom-environment-variables.yaml index cfc30632c..550f1ad80 100644 --- a/support/docker/production/config/custom-environment-variables.yaml +++ b/support/docker/production/config/custom-environment-variables.yaml @@ -101,9 +101,11 @@ transcoding: 1080: __name: "PEERTUBE_TRANSCODING_1080P" __format: "json" - instance: name: "PEERTUBE_INSTANCE_NAME" description: "PEERTUBE_INSTANCE_DESCRIPTION" terms: "PEERTUBE_INSTANCE_TERMS" + +services: + csp-logger: "PEERTUBE_SERVICES_CSPLOGGER" -- cgit v1.2.3