Kapisi/roles/WebServer/files/conf/default.csp.conf

add_header  "Content-Security-Policy" "default-src data: 'self' aninix.net foundation.aninix.net; script-src foundation.aninix.net 'self' aninix.net data: 'unsafe-inline' 'unsafe-eval'; style-src foundation.aninix.net 'self' aninix.net foundation.aninix.net 'unsafe-inline'; img-src foundation.aninix.net 'self' aninix.net; font-src data: 'self' aninix.net foundation.aninix.net; connect-src mb3admin.com 'self' aninix.net foundation.aninix.net; media-src blob: 'self' aninix.net foundation.aninix.net ; child-src blob: 'self' aninix.net foundation.aninix.net; form-action 'self' aninix.net foundation.aninix.net; upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; default-src 'none'; ";
# Gitea requires unsafe-inline style sources for label colors
# TT-RSS requires unsafe-inline/unsafe-eval for its javascript dojo.js integrations.
Dropping Stripe as a payment method (will replace with Venmo/USDCoin address) & Google Analytics for AniNIX/Sharingan -- some updates for CSP in line with https://observatory.mozilla.org/analyze/aninix.net 2023-11-16 12:50:26 -06:00			add_header "Content-Security-Policy" "default-src data: 'self' aninix.net foundation.aninix.net; script-src foundation.aninix.net 'self' aninix.net data: 'unsafe-inline' 'unsafe-eval'; style-src foundation.aninix.net 'self' aninix.net foundation.aninix.net 'unsafe-inline'; img-src foundation.aninix.net 'self' aninix.net; font-src data: 'self' aninix.net foundation.aninix.net; connect-src mb3admin.com 'self' aninix.net foundation.aninix.net; media-src blob: 'self' aninix.net foundation.aninix.net ; child-src blob: 'self' aninix.net foundation.aninix.net; form-action 'self' aninix.net foundation.aninix.net; upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; default-src 'none'; ";
			`# Gitea requires unsafe-inline style sources for label colors`
			`# TT-RSS requires unsafe-inline/unsafe-eval for its javascript dojo.js integrations.`