Playing with CSP reporting.

2023-04-06 09:47:05 +02:00 · 2023-04-06 09:47:05 +02:00 · a90a2b7d43
parent 60d71bd8eb
commit a90a2b7d43
1 changed files with 10 additions and 5 deletions
--- a/afpy.org.yml
+++ b/afpy.org.yml
@ -64,9 +64,10 @@
              root /var/www/afpy.org/;
              include snippets/letsencrypt-afpy.org.conf;
              index index.html;
-
-              add_header Report-To '{"group": "xmpp", "max_age": 10886400, "endpoints": [{ "url": "https://http-to-xmpp.afpy.org" }] }';
-              add_header Content-Security-Policy-Report-Only "default-src 'none'; img-src 'self'; style-src 'self'; script-src 'self'; frame-ancestors 'self'; frame-src https://www.helloasso.com https://web.libera.chat report-uri https://http-to-xmpp.afpy.org; report-to xmpp";
+              add_header Reporting-Endpoints xmpp="https://http-to-xmpp.afpy.org";
+              add_header Report-To '{"group": "xmpp", "max_age": 86400, "endpoints": [{"url": "https://http-to-xmpp.afpy.org"}]}';
+              add_header Content-Security-Policy-Report-Only "default-src 'none'; img-src 'self'; style-src 'self'; script-src 'self'; frame-ancestors 'self'; report-uri https://http-to-xmpp.afpy.org; report-to xmpp";
+              # add_header Content-Security-Policy-Report-Only "default-src 'none'; img-src 'self'; style-src 'self'; script-src 'self'; frame-ancestors 'self'; frame-src https://www.helloasso.com https://web.libera.chat report-uri https://http-to-xmpp.afpy.org; report-to xmpp";
              add_header X-Content-Type-Options "nosniff";

              location /discord
@ -238,7 +239,9 @@
          ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHVrME7+AYhM4n6opE5gVJbWsZHLETucV2wV+kDvnLk3
          {{ authorized_keys['mdk'] | join(LF) }}
        nginx_extra: |
-          add_header Content-Security-Policy "default-src 'none'; font-src https://cdnjs.cloudflare.com; img-src 'self' https://www.gravatar.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; script-src 'self' https://cdnjs.cloudflare.com; frame-ancestors 'self'";
+          add_header Reporting-Endpoints xmpp="https://http-to-xmpp.afpy.org";
+          add_header Report-To '{"group": "xmpp", "max_age": 86400, "endpoints": [{"url": "https://http-to-xmpp.afpy.org"}]}';
+          add_header Content-Security-Policy "default-src 'none'; font-src https://cdnjs.cloudflare.com; img-src 'self' https://www.gravatar.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; script-src 'self' https://cdnjs.cloudflare.com; frame-ancestors 'self'; report-uri https://http-to-xmpp.afpy.org; report-to xmpp";
          add_header X-Content-Type-Options "nosniff";

    - name: Setup nantes.afpy.org
@ -289,7 +292,9 @@
          {
              listen [::]:443 ssl http2; listen 443 ssl http2;
              server_name photos.afpy.org;
-              add_header Content-Security-Policy "default-src 'none'; img-src 'self'; style-src 'self'; script-src 'self'; frame-ancestors 'self'";
+              add_header Reporting-Endpoints xmpp="https://http-to-xmpp.afpy.org";
+              add_header Report-To '{"group": "xmpp", "max_age": 86400, "endpoints": [{"url": "https://http-to-xmpp.afpy.org"}]}';
+              add_header Content-Security-Policy "default-src 'none'; img-src 'self'; style-src 'self'; script-src 'self'; frame-ancestors 'self'; report-uri https://http-to-xmpp.afpy.org; report-to xmpp";
              add_header X-Content-Type-Options "nosniff";
              include snippets/letsencrypt-photos.afpy.org.conf;
              root /var/www/photos.afpy.org/;