nomad
/
immich
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix CSP to load images

This commit is contained in:
Daniel Berteaud 2024-01-31 23:27:14 +01:00
parent 2dfda22318
commit f53c63f39f
2 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
example/immich.nomad.hcl
View File

@ -77,7 +77,7 @@ job "immich" {
"traefik.enable=true",
"traefik.http.routers.immich.entrypoints=https",
"traefik.http.routers.immich.rule=Host(`immich.example.org`)",
"traefik.http.middlewares.csp-immich.headers.contentsecuritypolicy=connect-src 'self' https://maputnik.github.io https://*.cofractal.com https://fonts.openmaptiles.org;default-src 'self';font-src 'self' data:;img-src 'self' data:;script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline';",
"traefik.http.middlewares.csp-immich.headers.contentsecuritypolicy=connect-src 'self' https://maputnik.github.io https://*.cofractal.com https://fonts.openmaptiles.org;default-src 'self';font-src 'self' data:;img-src 'self' data: blob:;script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline';",
"traefik.http.routers.immich.middlewares=security-headers@file,forward-proto@file,inflight-std@file,hsts@file,compression@file,csp-immich",
@ -85,7 +85,7 @@ job "immich" {
"traefik.enable=true",
"traefik.http.routers.immich-share.entrypoints=https",
"traefik.http.middlewares.csp-immich-share.headers.contentsecuritypolicy=connect-src 'self' https://maputnik.github.io https://*.cofractal.com https://fonts.openmaptiles.org;default-src 'self';font-src 'self' data:;img-src 'self' data:;script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline';",
"traefik.http.middlewares.csp-immich-share.headers.contentsecuritypolicy=connect-src 'self' https://maputnik.github.io https://*.cofractal.com https://fonts.openmaptiles.org;default-src 'self';font-src 'self' data:;img-src 'self' data: blob:;script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline';",
"traefik.http.routers.immich-share.middlewares=security-headers@file,forward-proto@file,inflight-std@file,hsts@file,compression@file,csp-immich-share",
]

1
variables.yml
View File

@ -56,6 +56,7 @@ immich:
# Immich needs a specific CSP
csp:
connect-src: "'self' https://maputnik.github.io https://*.cofractal.com https://fonts.openmaptiles.org"
img-src: "'self' data: blob:"
middlewares:
rate-limit: false