fix UI CSP for email and disable caching for default pages

florian 2024-03-12 13:43:27 +01:00
parent 8206aceaca
commit 5140a11dd4
No known key found for this signature in database
GPG key ID: 93EE47CC3D061500
3 changed files with 7 additions and 1 deletions


@ -38,6 +38,9 @@ server {
{% if IS_LOADING == "yes" +%}
root /usr/share/bunkerweb/loading;
try_files /index.html =404;
etag off;
add_header Last-Modified "";
server_tokens off;
{% endif %}
# include core and plugins default-server configurations
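Review bot: Nothing in the three added lines tells a browser or proxy not to store the loading page; `etag off;` and `add_header Last-Modified "";` only strip the validators, so the "disable caching" goal in the commit title depends on caches choosing not to keep a response that carries no freshness information. An explicit `add_header Cache-Control "no-store";` beside them would make the behaviour deterministic, which matters for a loading page that must not be shown once the real site is up. The same applies to the `location /` block of the default page in the next file.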


@ -2,5 +2,8 @@
root /usr/share/bunkerweb/core/misc/files;
location / {
try_files /default.html =404;
etag off;
add_header Last-Modified "";
server_tokens off;
}
{% endif %}
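Review bot: The `add_header Last-Modified "";` inside `location /` switches off header inheritance for that location, because nginx applies outer-level `add_header` directives only when the current level defines none. If any response headers for the default page are set with `add_header` at server or http level (not visible in this hunk), they will no longer be sent here. Either repeat them in the location or record the constraint with a comment such as `# add_header here replaces the inherited add_header set; security headers must be set another way`. The server-level line added under `IS_LOADING` in the first file has the same effect on http-level directives.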


@ -357,7 +357,7 @@ def set_csp_header(response):
response.headers["Content-Security-Policy"] = (
"object-src 'none';"
+ " frame-ancestors 'self';"
+ " default-src 'self' https://www.bunkerweb.io https://assets.bunkerity.com;"
+ " default-src 'self' https://www.bunkerweb.io https://assets.bunkerity.com https://bunkerity.us1.list-manage.com;"
+ f" script-src 'self' 'nonce-{app.config['SCRIPT_NONCE']}';"
+ " style-src 'self' 'unsafe-inline';"
+ " img-src 'self' data: https://assets.bunkerity.com;"
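Review bot: The mailing-list host is added to `default-src`, which is the fallback for every fetch directive this policy does not set itself, so `https://bunkerity.us1.list-manage.com` becomes an allowed source for frames, fonts, media and fetch/XHR rather than only for the email signup. If the signup is sent with fetch/XHR, a narrower form leaves `default-src` as it was and adds a dedicated line such as `+ " connect-src 'self' https://bunkerity.us1.list-manage.com;"`, extended with any other hosts the UI already connects to. If it is a plain form post, `default-src` does not govern it at all and `form-action` is the directive to set. The policy string and `set_csp_header` continue outside the hunk, so one of these directives may already exist further down.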