[doc] add apache2 CSP config

author: nodiscc <nodiscc@gmail.com> 2015-11-30 23:17:01 +0100
committer: nodiscc <nodiscc@gmail.com> 2015-11-30 23:17:01 +0100
commit: 8025c63906eab4091b75ec0beac06b3a5837d31b (patch)
tree: 95a13163e0d932ad40c2a9006c06f4bacb46b025 /plugins/playvideos
parent: a33c574461cd082588b11b8843fe8fd7f92e3fe6 (diff)
download: Shaarli-8025c63906eab4091b75ec0beac06b3a5837d31b.tar.gz
Shaarli-8025c63906eab4091b75ec0beac06b3a5837d31b.tar.zst
Shaarli-8025c63906eab4091b75ec0beac06b3a5837d31b.zip
1 files changed, 9 insertions, 1 deletions
diff --git a/plugins/playvideos/README.md b/plugins/playvideos/README.md
index 54729e0b..b1698470 100644
--- a/plugins/playvideos/README.md
+++ b/plugins/playvideos/README.md
@@ -14,8 +14,16 @@ This is a default Shaarli plugin, you just have to enable it. See https://github
 #### Troubleshooting
 If your server has [Content Security Policy](http://content-security-policy.com/) headers enabled, this may prevent the script from loading fully. You should relax the CSP in your server settings. Example CSP rule for apache2:
-`Header set Content-Security-Policy "script-src 'self' 'unsafe-inline' https://www.youtube.com https://s.ytimg.com 'unsafe-eval'"`
+In `/etc/apache2/conf-available/shaarli-csp.conf`:
+```apache
+<Directory /path/to/shaarli>
+    Header set Content-Security-Policy "script-src 'self' 'unsafe-inline' https://www.youtube.com https://s.ytimg.com 'unsafe-eval'"
+</Directory>
+```
+Then run `a2enconf shaarli-csp; service apache2 reload`
 ### License
 ```
author	nodiscc <nodiscc@gmail.com>	2015-11-30 23:17:01 +0100
committer	nodiscc <nodiscc@gmail.com>	2015-11-30 23:17:01 +0100
commit	8025c63906eab4091b75ec0beac06b3a5837d31b (patch)
tree	95a13163e0d932ad40c2a9006c06f4bacb46b025 /plugins/playvideos
parent	a33c574461cd082588b11b8843fe8fd7f92e3fe6 (diff)
download	Shaarli-8025c63906eab4091b75ec0beac06b3a5837d31b.tar.gz Shaarli-8025c63906eab4091b75ec0beac06b3a5837d31b.tar.zst Shaarli-8025c63906eab4091b75ec0beac06b3a5837d31b.zip

diff --git a/plugins/playvideos/README.md b/plugins/playvideos/README.md index 54729e0b..b1698470 100644 --- a/plugins/playvideos/README.md +++ b/plugins/playvideos/README.md
@@ -14,8 +14,16 @@ This is a default Shaarli plugin, you just have to enable it. See https://github
14	#### Troubleshooting	14	#### Troubleshooting
15		15
16	If your server has [Content Security Policy](http://content-security-policy.com/) headers enabled, this may prevent the script from loading fully. You should relax the CSP in your server settings. Example CSP rule for apache2:	16	If your server has [Content Security Policy](http://content-security-policy.com/) headers enabled, this may prevent the script from loading fully. You should relax the CSP in your server settings. Example CSP rule for apache2:
17	`Header set Content-Security-Policy "script-src 'self' 'unsafe-inline' https://www.youtube.com https://s.ytimg.com 'unsafe-eval'"`
18		17
		18	In `/etc/apache2/conf-available/shaarli-csp.conf`:
		19
		20	```apache
		21	<Directory /path/to/shaarli>
		22	Header set Content-Security-Policy "script-src 'self' 'unsafe-inline' https://www.youtube.com https://s.ytimg.com 'unsafe-eval'"
		23	</Directory>
		24	```
		25
		26	Then run `a2enconf shaarli-csp; service apache2 reload`
19		27
20	### License	28	### License
21	```	29	```