nomad/matrix
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Adjust CSP for Element

Browse Source
This commit is contained in:
Daniel Berteaud 2024-05-16 09:20:26 +02:00
parent 42c5c3e237
commit 9ebf2339b8
2 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
example/matrix.nomad.hcl
View File

@ -63,21 +63,21 @@ job "matrix" {
"traefik.enable=true",
"traefik.http.routers.matrix-admin.entrypoints=https",
"traefik.http.middlewares.csp-matrix-admin.headers.contentsecuritypolicy=connect-src 'self' https://scalar.vector.im https://api.maptiler.com;default-src 'self';font-src 'self' data:;frame-src 'self' blob: https://scalar.vector.im/ https://meet.element.io;img-src 'self' data: blob: https://img.youtube.com https://*.ytimg.com;script-src 'self' https://usercontent.riot.im https://scalar.vector.im;style-src 'self' 'unsafe-inline';worker-src 'self' blob:;",
"traefik.http.middlewares.csp-matrix-admin.headers.contentsecuritypolicy=connect-src 'self' https://scalar.vector.im https://vector.im https://api.maptiler.com;default-src 'self';font-src 'self' data:;frame-src 'self' blob: https://scalar.vector.im/ https://meet.element.io;img-src 'self' data: blob: https://img.youtube.com https://*.ytimg.com;script-src 'self' 'unsafe-eval' https://usercontent.riot.im https://scalar.vector.im;style-src 'self' 'unsafe-inline';worker-src 'self' blob:;",
"traefik.http.routers.matrix-admin.middlewares=security-headers@file,rate-limit-std@file,forward-proto@file,inflight-std@file,hsts@file,compression@file,csp-matrix-admin",
"traefik.http.routers.matrix-admin.rule=Host(`matrix.consul`) && PathPrefix(`/_admin`)",
"traefik.enable=true",
"traefik.http.routers.matrix-synapse-admin.entrypoints=https",
"traefik.http.middlewares.csp-matrix-synapse-admin.headers.contentsecuritypolicy=connect-src 'self' https://scalar.vector.im https://api.maptiler.com;default-src 'self';font-src 'self' data:;frame-src 'self' blob: https://scalar.vector.im/ https://meet.element.io;img-src 'self' data: blob: https://img.youtube.com https://*.ytimg.com;script-src 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline';worker-src 'self' blob:;",
"traefik.http.middlewares.csp-matrix-synapse-admin.headers.contentsecuritypolicy=connect-src 'self' https://scalar.vector.im https://vector.im https://api.maptiler.com;default-src 'self';font-src 'self' data:;frame-src 'self' blob: https://scalar.vector.im/ https://meet.element.io;img-src 'self' data: blob: https://img.youtube.com https://*.ytimg.com;script-src 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline';worker-src 'self' blob:;",
"traefik.http.routers.matrix-synapse-admin.middlewares=security-headers@file,rate-limit-std@file,forward-proto@file,inflight-std@file,hsts@file,compression@file,csp-matrix-synapse-admin",
"traefik.http.routers.matrix.rule=Host(`matrix.consul`) || (Host(`matrix.consul`) && PathRegexp(`^/(_(synapse|matrix)|\\.well-known/matrix)/.*`))",
"traefik.enable=true",
"traefik.http.routers.matrix.entrypoints=https",
"traefik.http.middlewares.csp-matrix.headers.contentsecuritypolicy=connect-src 'self' https://scalar.vector.im https://api.maptiler.com;default-src 'self';font-src 'self' data:;frame-src 'self' blob: https://scalar.vector.im/ https://meet.element.io;img-src 'self' data: blob: https://img.youtube.com https://*.ytimg.com;script-src 'self' https://usercontent.riot.im https://scalar.vector.im;style-src 'self' 'unsafe-inline';worker-src 'self' blob:;",
"traefik.http.middlewares.csp-matrix.headers.contentsecuritypolicy=connect-src 'self' https://scalar.vector.im https://vector.im https://api.maptiler.com;default-src 'self';font-src 'self' data:;frame-src 'self' blob: https://scalar.vector.im/ https://meet.element.io;img-src 'self' data: blob: https://img.youtube.com https://*.ytimg.com;script-src 'self' 'unsafe-eval' https://usercontent.riot.im https://scalar.vector.im;style-src 'self' 'unsafe-inline';worker-src 'self' blob:;",
"traefik.http.routers.matrix.middlewares=security-headers@file,rate-limit-std@file,forward-proto@file,inflight-std@file,hsts@file,compression@file,csp-matrix",
]

4
variables.yml
View File

@ -135,9 +135,9 @@ matrix:
# Element will need some custom CSP
csp:
script-src: "'self' https://usercontent.riot.im https://scalar.vector.im"
script-src: "'self' 'unsafe-eval' https://usercontent.riot.im https://scalar.vector.im"
worker-src: "'self' blob:"
connect-src: "'self' https://scalar.vector.im https://api.maptiler.com"
connect-src: "'self' https://scalar.vector.im https://vector.im https://api.maptiler.com"
img-src: "'self' data: blob: https://img.youtube.com https://*.ytimg.com"
frame-src: "'self' blob: https://scalar.vector.im/ https://meet.element.io"