From 8025c63906eab4091b75ec0beac06b3a5837d31b Mon Sep 17 00:00:00 2001 From: nodiscc Date: Mon, 30 Nov 2015 23:17:01 +0100 Subject: [doc] add apache2 CSP config --- plugins/playvideos/README.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'plugins/playvideos') diff --git a/plugins/playvideos/README.md b/plugins/playvideos/README.md index 54729e0b..b1698470 100644 --- a/plugins/playvideos/README.md +++ b/plugins/playvideos/README.md @@ -14,8 +14,16 @@ This is a default Shaarli plugin, you just have to enable it. See https://github #### Troubleshooting If your server has [Content Security Policy](http://content-security-policy.com/) headers enabled, this may prevent the script from loading fully. You should relax the CSP in your server settings. Example CSP rule for apache2: -`Header set Content-Security-Policy "script-src 'self' 'unsafe-inline' https://www.youtube.com https://s.ytimg.com 'unsafe-eval'"` +In `/etc/apache2/conf-available/shaarli-csp.conf`: + +```apache + + Header set Content-Security-Policy "script-src 'self' 'unsafe-inline' https://www.youtube.com https://s.ytimg.com 'unsafe-eval'" + +``` + +Then run `a2enconf shaarli-csp; service apache2 reload` ### License ``` -- cgit v1.2.3