renge/element-web: Fix frame-ancestors CSP
Something changed in how Firefox interprets the CSP, which made loading element web fail.
This commit is contained in:
parent
08e30e01cf
commit
391234776a
|
@ -3,20 +3,7 @@
|
|||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
|
||||
{ lib, pkgs, ... }:
|
||||
let
|
||||
# This uses
|
||||
# https://github.com/vector-im/element-web#configuration-best-practices
|
||||
# but allows to disable the frame-ancestors rule for /usercontent/.
|
||||
mkSecurityHeaders = withFrameOptions: ''
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-Frame-Options SAMEORIGIN;
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
'' + lib.optionalString withFrameOptions ''
|
||||
add_header Content-Security-Policy "frame-ancestors 'none'";
|
||||
'' + lib.optionalString (!withFrameOptions) ''
|
||||
add_header Content-Security-Policy "frame-ancestors 'self'";
|
||||
'';
|
||||
in
|
||||
|
||||
{
|
||||
services.nginx.virtualHosts."chat.sbruder.de" = {
|
||||
enableACME = true;
|
||||
|
@ -24,8 +11,13 @@ in
|
|||
|
||||
root = pkgs.element-web;
|
||||
|
||||
extraConfig = mkSecurityHeaders true;
|
||||
locations."/usercontent/".extraConfig = mkSecurityHeaders false;
|
||||
# https://github.com/vector-im/element-web#configuration-best-practices
|
||||
extraConfig = ''
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-Frame-Options SAMEORIGIN;
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
add_header Content-Security-Policy "frame-ancestors 'self'";
|
||||
'';
|
||||
|
||||
# nixpkgs’s override mechanism doesn’t allow overriding of all options
|
||||
locations."=/config.chat.sbruder.de.json".alias = pkgs.writeText "config.chat.sbruder.de.json" (lib.generators.toJSON { } {
|
||||
|
|
Loading…
Reference in a new issue