authorGravatar steering72532026-04-30 13:18:20 -0600
committerGravatar steering72532026-04-30 13:18:20 -0600
commit4ea8a63f3d8008f72c3e723d71f5de8b34d6bc5d (patch)
treed30dd984a20d180938d72e1926e9d1e8b4a0b8d5
parentharden config (diff)
csp
-rw-r--r--server.conf11
1 files changed, 10 insertions, 1 deletions
diff --git a/server.conf b/server.conf
index 28bb8fb..4d3a710 100644
--- a/server.conf
+++ b/server.conf
@@ -24,7 +24,16 @@ location ~ ^/(~[^/]+)/ {
if (!-d /opt/cgit-space/users/$1) {
return 404;
}
- add_header Content-Security-Policy "default-src $http_host/cgit/; img-src *; script-src $http_host/cgit/ 'unsafe-hashes' 'sha256-rQQdnklrOmulrf5mQ2YjUK7CGbu4ywAi21E8nGlJcDc='; style-src $http_host/extra-cgit.css $http_host/cgit/ 'sha256-ZagwbGUdi+vgr4PwhdaOtzVHKbrx6+h/7nAGZ4g7H+Q='";
+#<select name='h' onchange='this.form.submit();'>
+ set $CSPjs_brsw "'sha256-rQQdnklrOmulrf5mQ2YjUK7CGbu4ywAi21E8nGlJcDc='"; #branch switcher
+#from /usr/lib64/cgit/filters/html-converters/md2html
+ set $CSPcss_markdown "'sha256-ZagwbGUdi+vgr4PwhdaOtzVHKbrx6+h/7nAGZ4g7H+Q='"; #md2html
+#python -c 'import pygments.formatters, hashlib, sys; sys.stdout.buffer.write(hashlib.sha256(pygments.formatters.HtmlFormatter(style="pastie", nobackground=True).get_style_defs(".highlight").encode("utf8")).digest())' | base64
+ set $CSPcss_syntax "'sha256-x5EoeM7mmuP1LWxpf/pgB2Zb9MMQAVtw5Xj3jN5U8i0='"; #syntax
+#https://cgit.space/~steering/autopeer.git/commit/authorized_keys.sh?id=38fca7692e900589338eade8b5667a483575f5af diffstat
+ #set $CSPcss_width100 "'sha256-ZFTJlMhW3m2AbQ2U0YbZDdYHJvYjPBCcHckJcyDt25o='";
+ #set $CSPcss_width0 "'sha256-kTVTGy3RZGpMQ8RgkbpHLRIkw2MsbWtg4jjmZzyM9uI='";
+ add_header Content-Security-Policy "default-src $http_host/cgit/; img-src *; script-src $http_host/cgit/ 'unsafe-hashes' $CSPjs_brsw; style-src $http_host/extra-cgit.css $http_host/cgit/ 'unsafe-hashes' $CSPcss_markdown $CSPcss_syntax";# $CSPcss_width100 $CSPcss_width0";
fastcgi_pass 127.0.0.1:1733;
include fastcgi-cgit.conf;
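Review bot: The `'unsafe-hashes'` keyword added to `style-src` in the new `add_header` line looks unnecessary as committed. Going by their comments, the two active hashes (`$CSPcss_markdown`, `$CSPcss_syntax`) cover the md2html and pygments stylesheets, which appear to be `<style>` blocks and match by hash without it, while the `style=` attribute hashes (`$CSPcss_width100`, `$CSPcss_width0`) that would need it are still commented out. I would leave it out until those are enabled, i.e. `style-src $http_host/extra-cgit.css $http_host/cgit/ $CSPcss_markdown $CSPcss_syntax`. Separately, the policy is still built from `$http_host`, the client-supplied Host header, so a fixed hostname or `$server_name` would keep the source list independent of request input, and the `always` parameter on `add_header` would extend the policy to error responses. The location block closes outside the hunk.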