1
0
mirror of https://github.com/PrivSec-dev/privsec.dev synced 2024-12-22 12:51:34 -05:00

Fix CSP for SOGo (#122)

Signed-off-by: samsepi0l <contact@simpleprivacy.fr>
This commit is contained in:
samsepi0l 2023-05-02 09:39:34 +02:00 committed by GitHub
parent fd52793cad
commit 2af22036b8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -75,13 +75,13 @@ Use the following as your [Content Security Policy](https://developer.mozilla.or
#### If you use Gravatar with SOGo #### If you use Gravatar with SOGo
``` ```
add_header Content-Security-Policy "default-src 'none'; connect-src 'self' https://api.github.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none'"; add_header Content-Security-Policy "default-src 'none'; connect-src 'self' https://api.github.com https://www.gravatar.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https://www.gravatar.com; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none'";
``` ```
#### If you do not use Gravatar with SOGo #### If you do not use Gravatar with SOGo
``` ```
add_header Content-Security-Policy "default-src 'none'; connect-src 'self' https://api.github.com https://www.gravatar.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https://www.gravatar.com; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none'"; add_header Content-Security-Policy "default-src 'none'; connect-src 'self' https://api.github.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'none'; block-all-mixed-content; base-uri 'none'";
``` ```
### Cross-Origin Resource, Opener, and Embedder Policies ### Cross-Origin Resource, Opener, and Embedder Policies