From 1008e2c01d214a92820b4d978c2ecab98525e439 Mon Sep 17 00:00:00 2001 From: Caspar Neumann Date: Tue, 7 Nov 2023 16:00:51 +0100 Subject: [PATCH] Comment Out H5P CSP --- dockerconf/nginx.conf.template | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/dockerconf/nginx.conf.template b/dockerconf/nginx.conf.template index f99df857e7..11ecc7c2b5 100644 --- a/dockerconf/nginx.conf.template +++ b/dockerconf/nginx.conf.template @@ -4,7 +4,7 @@ server { set $csp "default-src 'self'; base-uri 'self'; script-src 'nonce-$request_id' 'strict-dynamic' 'unsafe-inline' https:; object-src 'none'; font-src 'self' data:; img-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-src 'self' ${H5P_FRAME_SRC_URLS}"; - set $h5pcsp "default-src 'self'; base-uri 'self'; script-src ${H5P_SCRIPT_SRC_URLS} 'unsafe-inline' https:; object-src 'none'; font-src 'self' data:; img-src 'self' ${H5P_IMG_SRC_URLS} data:; style-src 'self' 'unsafe-inline'; frame-src 'self' ${H5P_FRAME_SRC_URLS}"; +# set $h5pcsp "default-src 'self'; base-uri 'self'; script-src ${H5P_SCRIPT_SRC_URLS} 'unsafe-inline' https:; object-src 'none'; font-src 'self' data:; img-src 'self' ${H5P_IMG_SRC_URLS} data:; style-src 'self' 'unsafe-inline'; frame-src 'self' ${H5P_FRAME_SRC_URLS}"; location /status { stub_status; @@ -63,19 +63,19 @@ server { proxy_pass ${LEGACY_CLIENT_URL}; } - location /h5p/ { - root /usr/share/nginx/html/h5p; - index index.html index.htm; - add_header Content-Security-Policy "${h5pcsp}"; - add_header X-Content-Type-Options nosniff; - add_header Referrer-Policy 'same-origin'; - add_header X-XSS-Protection '1; mode=block'; - add_header X-Frame-Options 'SAMEORIGIN'; - add_header Permissions-Policy 'fullscreen=(*), sync-xhr=(*), geolocation=(self), midi=(self), microphone=(self), camera=(self), magnetometer=(self), gyroscope=(self), payment=()'; - sub_filter_once off; - sub_filter '**CSP_NONCE**' $request_id; - try_files $uri /index.html =404; - } +# location /h5p/ { +# root /usr/share/nginx/html/h5p; +# index index.html index.htm; +# add_header Content-Security-Policy "${h5pcsp}"; +# add_header X-Content-Type-Options nosniff; +# add_header Referrer-Policy 'same-origin'; +# add_header X-XSS-Protection '1; mode=block'; +# add_header X-Frame-Options 'SAMEORIGIN'; +# add_header Permissions-Policy 'fullscreen=(*), sync-xhr=(*), geolocation=(self), midi=(self), microphone=(self), camera=(self), magnetometer=(self), gyroscope=(self), payment=()'; +# sub_filter_once off; +# sub_filter '**CSP_NONCE**' $request_id; +# try_files $uri /index.html =404; +# } location / { root /usr/share/nginx/html/frontend;