From 14b9a10eb685c8d150d14c25615589715d425db3 Mon Sep 17 00:00:00 2001 From: Paul Duncan Date: Mon, 3 Jun 2024 10:57:43 -0400 Subject: content/articles/site-backend.md: add content-security-policy style-src-attr exception so viewing svgs works properly in firefox --- content/articles/site-backend.md | 6 ++++++ static/files/articles/site-backend/pablotron.org.conf.txt | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/content/articles/site-backend.md b/content/articles/site-backend.md index ca36b2d..673c20d 100644 --- a/content/articles/site-backend.md +++ b/content/articles/site-backend.md @@ -297,6 +297,12 @@ redirects removed: Header set Cache-Control "max-age=31536000, public" + # allow style-src-attr unsafe-inline for svgs + # (without this svgs do not render in firefox) + + Header set "Content-Security-Policy" "default-src 'self'; img-src 'self'; style-src-attr 'self' 'unsafe-inline'" + + # expose webhook ProxyPass "http://localhost:9000/" diff --git a/static/files/articles/site-backend/pablotron.org.conf.txt b/static/files/articles/site-backend/pablotron.org.conf.txt index b2c498b..97a60d2 100644 --- a/static/files/articles/site-backend/pablotron.org.conf.txt +++ b/static/files/articles/site-backend/pablotron.org.conf.txt @@ -35,6 +35,12 @@ Header set Cache-Control "max-age=31536000, public" + # allow style-src-attr unsafe-inline for svgs + # (without this svgs do not render in firefox) + + Header set "Content-Security-Policy" "default-src 'self'; img-src 'self'; style-src-attr 'self' 'unsafe-inline'" + + # expose webhook ProxyPass "http://localhost:9000/" -- cgit v1.2.3