Filip/matrix-spec
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-spec synced 2026-04-03 17:54:14 +02:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Fix CSP

Browse source 
Signed-off-by: Johannes Marbach <n0-0ne+github@mailbox.org>
This commit is contained in:
Johannes Marbach 2026-03-20 14:04:25 +01:00
parent 2fd3c28a7a
commit e9a29f27dc
1 changed files with 3 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
config/_default/hugo.toml
View file

@ -152,8 +152,9 @@ sidebar_menu_compact = true
[server.headers.values]
# `style-src 'unsafe-inline'` is needed to correctly render the maths in the Olm spec:
# https://github.com/KaTeX/KaTeX/issues/4096
# TODO: Figure out CSP to allow loading the Pagefind Wasm
#Content-Security-Policy = "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self'; img-src 'self' data:; connect-src 'self'; font-src 'self' data:; media-src 'self'; child-src 'self'; form-action 'self'; object-src 'self'"
# `script-src 'unsafe-eval'` is needed because Pagefind relies on it to load its Wasm:
# https://github.com/Pagefind/pagefind/blob/main/docs/content/docs/hosting.md
Content-Security-Policy = "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval'; img-src 'self' data:; connect-src 'self'; font-src 'self' data:; media-src 'self'; child-src 'self'; form-action 'self'; object-src 'self'"
X-XSS-Protection = "1; mode=block"
X-Content-Type-Options = "nosniff"
# Strict-Transport-Security = "max-age=31536000; includeSubDomains; preload"