finallycoffee/matrix-docker-ansible-deploy
finallycoffee
/
matrix-docker-ansible-deploy
2
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix Content-Security-Policy for Element 

Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1154

According to
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy,
having both a header and the `<meta>`-tag provided by Element itself is
not a problem. The 2 CSP policies get combined.
This commit is contained in:
Slavi Pantaleev 2021-07-01 12:41:05 +03:00
parent 154c2bbe36
commit 6294e58304
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-element.conf.j2
View File

@ -12,7 +12,7 @@
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "{{ matrix_nginx_proxy_xss_protection }}";
add_header X-Frame-Options SAMEORIGIN;
add_header Content-Security-Policy "frame-ancestors 'none'";
add_header Content-Security-Policy "frame-ancestors 'self'";
{% if matrix_nginx_proxy_floc_optout_enabled %}
add_header Permissions-Policy interest-cohort=() always;