From 14b9a10eb685c8d150d14c25615589715d425db3 Mon Sep 17 00:00:00 2001
From: Paul Duncan <pabs@pablotron.org>
Date: Mon, 3 Jun 2024 10:57:43 -0400
Subject: content/articles/site-backend.md: add content-security-policy
 style-src-attr exception so viewing svgs works properly in firefox

---
 static/files/articles/site-backend/pablotron.org.conf.txt | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'static')

diff --git a/static/files/articles/site-backend/pablotron.org.conf.txt b/static/files/articles/site-backend/pablotron.org.conf.txt
index b2c498b..97a60d2 100644
--- a/static/files/articles/site-backend/pablotron.org.conf.txt
+++ b/static/files/articles/site-backend/pablotron.org.conf.txt
@@ -35,6 +35,12 @@
     Header set Cache-Control "max-age=31536000, public"
   </FilesMatch>
 
+  # allow style-src-attr unsafe-inline for svgs
+  # (without this svgs do not render in firefox)
+  <FilesMatch "\.svg$">
+    Header set "Content-Security-Policy" "default-src 'self'; img-src 'self'; style-src-attr 'self' 'unsafe-inline'"
+  </FilesMatch>
+
   # expose webhook
   <Location /hooks/>
     ProxyPass "http://localhost:9000/"
-- 
cgit v1.2.3