Fix #34

Fix #33
Fix CSP config
2023-06-20 15:47:00 +02:00 · 2023-06-20 15:45:09 +02:00 · 2023-06-20 15:30:30 +02:00 · 2023-06-20 15:09:48 +02:00
4 changed files with 30 additions and 8 deletions
--- a/README.md
+++ b/README.md
@ -88,6 +88,8 @@ Copy `apache2.conf.EXAMPLE` to `/etc/apache2/sites-available/moshingmammut.conf`
 Domain. If you do not need or want SSL support, remove the whole `<IfModule mod_ssl.c>` block.
 If you do, add the path to your SSLCertificateFile and SSLCertificateKeyFile.
 Modify DocumentRoot and the two Alias and Directory statements, so that thumbnails and avatars are served directly by apache.
 Copy `moshing-mammut.service.EXAMPLE` to `/etc/systemd/system/moshing-mammut.service`
 and set your `User`, `Group`, `ExecStart` and `WorkingDirectory` accordingly.
--- a/apache2.conf.EXAMPLE
+++ b/apache2.conf.EXAMPLE
@ -15,6 +15,23 @@
    Include /etc/letsencrypt/options-ssl-apache.conf
    DocumentRoot /home/moshing-mammut/app/
    ProxyPass /avatars/ !
    ProxyPass /thumbnails/ !
    Alias /avatars/ /home/moshing-mammut/app/avatars/
    Alias /thumbnails/ /home/moshing-mammut/app/thumbnails/
    <Directory "/home/moshing-mammut/app/avatars/">
      Require all granted
      Header set Cache-Control "public,max-age=31536000,immutable"
    </Directory>
    <Directory "/home/moshing-mammut/app/thumbnails/">
      Require all granted
      Header set Cache-Control "public,max-age=31536000,immutable"
    </Directory>
    ProxyPass / http://localhost:3000/
    ProxyPassReverse / http://localhost:3000/
--- a/src/app.html
+++ b/src/app.html
@ -10,6 +10,10 @@
    <meta name="apple-mobile-web-app-title" content="Moshing Mammut" />
    <meta name="application-name" content="Moshing Mammut" />
    <meta name="msapplication-TileColor" content="#2e0b78" />
    <meta
      name="description"
      content="A collection of music recommendations and now-listenings by the users of metalhead.club"
    />
    <meta name="viewport" content="width=device-width, initial-scale=1, viewport-fit=cover" />
    <meta name="theme-color" content="#17063b" media="(prefers-color-scheme: dark)" />
--- a/svelte.config.js
+++ b/svelte.config.js
@ -11,15 +11,14 @@ const config = {
    // adapter-auto only supports some environments, see https://kit.svelte.dev/docs/adapter-auto for a list.
    // If your environment is not supported or you settled on a specific environment, switch out the adapter.
    // See https://kit.svelte.dev/docs/adapters for more information about adapters.
-    adapter: adapter()
+    adapter: adapter(),
  },
    csp: {
      directives: {
-      'script-src': ['self']
+        'script-src': ['self', 'unsafe-inline'],
-    },
+        'base-uri': ['self'],
-    reportOnly: {
+        'object-src': ['none']
-      'script-src': ['self']
+      }
    }
  }
 };
Author	SHA1	Message	Date
Max Nuding	87b8317c90	Fix #34	2023-06-20 15:47:00 +02:00
Max Nuding	e103bef84c	Fix #33	2023-06-20 15:45:09 +02:00
Max Nuding	6d13aed0f0	Fix CSP config	2023-06-20 15:30:30 +02:00
Max Nuding	185d28c295	Fix CSP config being in the wrong section	2023-06-20 15:09:48 +02:00