| field | value | date |
|---|---|---|
| author | V <v@unfathomable.blue> | 2022-05-14 22:23:06 +0200 |
| committer | V <v@unfathomable.blue> | 2022-05-14 23:17:42 +0200 |
| commit | ebcdf459aa986141b396fbe05b080933b70c1659 (patch) | |
| tree | 1ee49d759c45abb9a2f817a336ac4f9083be3265 /fleet | |
| parent | b7a18bdfb9e2453684a766f7f0f611ebbc0cf1ba (diff) | |
| download | unf-legacy-ebcdf459aa986141b396fbe05b080933b70c1659.tar.zst | |
fleet/modules/web: drop Content-Security-Policy header, for now
Blocking inline scripts was causing Gerrit to load fonts from Google's CDN. Rather than adding the appropriate exception for this one instance, and giving myself a false sense of safety (which will inevitably result in me running into other subtle issues of this kind in the future), I'm going to disable the entire thing until I have time to set up reporting.

Change-Id: I7c48e4f7d113ecc15dec0bb930918ccc691b124f
Diffstat (limited to 'fleet')

| mode | file | changes |
|---|---|---|
| -rw-r--r-- | fleet/hosts/kaikou/gerrit.nix | 2 |
| -rw-r--r-- | fleet/modules/web.nix | 3 |

2 files changed, 1 insertions, 4 deletions
diff --git a/fleet/hosts/kaikou/gerrit.nix b/fleet/hosts/kaikou/gerrit.nix index ff05f2d..f97ba23 100644 --- a/fleet/hosts/kaikou/gerrit.nix +++ b/fleet/hosts/kaikou/gerrit.nix @@ -35,8 +35,6 @@ services.caddy.config = '' review.unfathomable.blue { import common - # This is to override the stronger policy set in //modules/web.nix. - header Content-Security-Policy "script-src https://review.unfathomable.blue/; object-src 'none'" reverse_proxy localhost:8080 } ''; diff --git a/fleet/modules/web.nix b/fleet/modules/web.nix index 97b67ca..248f78b 100644 --- a/fleet/modules/web.nix +++ b/fleet/modules/web.nix @@ -28,8 +28,7 @@ header { Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" - # TODO(V): Consider relaxing this a bit. Disabling JavaScript is bound to result in subtle breakage. - Content-Security-Policy "script-src 'none'; object-src 'none'" + # TODO(V): Define a content security policy. Make it report-only at first, to avoid breaking things. Permissions-Policy "interest-cohort=()" X-Clacks-Overhead "GNU Terry Pratchett" } |
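Review bot: in the gerrit.nix hunk, dropping the host-scoped header (`script-src https://review.unfathomable.blue/; object-src 'none'`) at the same time as the global policy in web.nix leaves review.unfathomable.blue with no Content-Security-Policy at all, not the relaxed one. The removed comment says this header only existed to loosen the stricter //modules/web.nix policy, so it was already the working allowlist for this host; consider keeping it, or switching it to `Content-Security-Policy-Report-Only` with the same directives, so the violation data the commit message wants comes from this host first. Note also that the removed policy sets only `script-src` and `object-src` and has no `default-src` or `font-src`, so font fetches were never restricted by it; if the breakage was about fonts, a `font-src` directive is the narrow exception the message describes deferring.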
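Review bot: in the web.nix hunk, the TODO that replaces the `Content-Security-Policy` line defers the report-only phase instead of starting it, so nothing is collected in the meantime; the directives being removed can be kept as `Content-Security-Policy-Report-Only "script-src 'none'; object-src 'none'; report-uri <endpoint>"` (endpoint is a placeholder) so violations are logged without blocking, keeping in mind that without a `report-uri`/`report-to` endpoint a report-only policy only surfaces in the browser console. When the policy is redefined, the old one's lack of `default-src`, `base-uri` and `frame-ancestors` is worth fixing in the same step, since `object-src 'none'` alone does not cover framing or base-tag injection.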