summersamara
|
9c0c5b6e83
|
Fix fullcalendar CSP errors
- whitelist the 'data:' protocol for fonts
- Add CSP hash directive to allow fullcalendar inline style
|
2023-12-18 18:05:25 +01:00 |
|
Thomas Citharel
|
a51b36fb75
|
Fix building CSP policy
You can't use 'none' as a CSP Policy if there's other things among
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
|
2022-11-04 16:47:24 +01:00 |
|
Thomas Citharel
|
e31433cf83
|
Allow for resource providers to register a csp policy
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
|
2022-11-04 11:50:15 +01:00 |
|
Thomas Citharel
|
57fac37347
|
Support CSP report_uri, report_to and the Report-To and Reporting-Endpoints headers
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
|
2022-11-04 10:55:26 +01:00 |
|
Thomas Citharel
|
e97206077c
|
Add CSP Policy for pictures
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
|
2022-11-04 09:26:45 +01:00 |
|
Thomas Citharel
|
a1726fc12e
|
Add sha-256 hash for toggling dark theme code and remove inlined phoenix digest
Follow-up to !1300
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
|
2022-11-02 11:36:32 +01:00 |
|
Thomas Citharel
|
4db13046b7
|
Provide an accept CSP policy for global search pictures
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
|
2022-08-28 10:02:06 +02:00 |
|
Thomas Citharel
|
e3adc0684f
|
Make FrontEndAnalytics provide CSP configuration
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
|
2022-04-06 19:56:09 +02:00 |
|
Thomas Citharel
|
b5d9b82bdd
|
Refactor Mobilizon.Federation.ActivityPub and add typespecs
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
|
2021-09-29 16:31:11 +02:00 |
|
Thomas Citharel
|
41f086e2c9
|
Spec improvements
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
|
2021-09-27 09:42:12 +02:00 |
|
Thomas Citharel
|
1893d9f55b
|
Various refactoring and typespec improvements
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
|
2021-09-26 17:52:24 +02:00 |
|
Thomas Citharel
|
de047c8939
|
Various typespec and compilation improvements
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
|
2021-09-26 17:52:20 +02:00 |
|
Thomas Citharel
|
b196719238
|
Remove unsafe-inline from CSP
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
|
2021-07-02 09:46:38 +02:00 |
|
Thomas Citharel
|
bac2d3188c
|
Fix GraphiQL CSP headers
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
|
2021-06-28 11:57:11 +02:00 |
|
Thomas Citharel
|
f2175c6498
|
Refactor CSP
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
|
2021-04-16 14:57:02 +02:00 |
|
Thomas Citharel
|
8508558945
|
Allow every origin for connect-src because of Webfinger
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
|
2021-02-26 11:44:27 +01:00 |
|
Thomas Citharel
|
e933004daf
|
Fix CSP issues in production
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
|
2021-01-26 17:00:15 +01:00 |
|
Thomas Citharel
|
e0e46a81e3
|
Refactor CSP config by using Pleroma's HTTPSecurityPlug
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
|
2021-01-25 18:06:49 +01:00 |
|