From 4ea8a63f3d8008f72c3e723d71f5de8b34d6bc5d Mon Sep 17 00:00:00 2001
From: steering7253
Date: Thu, 30 Apr 2026 13:18:20 -0600
Subject: csp

---
 server.conf | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

(limited to 'server.conf')

diff --git a/server.conf b/server.conf
index 28bb8fb..4d3a710 100644
--- a/server.conf
+++ b/server.conf
@@ -24,7 +24,16 @@ location ~ ^/(~[^/]+)/ {
 	if (!-d /opt/cgit-space/users/$1) {
 		return 404;
 	}
-	add_header Content-Security-Policy "default-src $http_host/cgit/; img-src *; script-src $http_host/cgit/ 'unsafe-hashes' 'sha256-rQQdnklrOmulrf5mQ2YjUK7CGbu4ywAi21E8nGlJcDc='; style-src $http_host/extra-cgit.css $http_host/cgit/ 'sha256-ZagwbGUdi+vgr4PwhdaOtzVHKbrx6+h/7nAGZ4g7H+Q='";
+#<select name='h' onchange='this.form.submit();'>
+	set $CSPjs_brsw "'sha256-rQQdnklrOmulrf5mQ2YjUK7CGbu4ywAi21E8nGlJcDc='"; #branch switcher
+#from /usr/lib64/cgit/filters/html-converters/md2html
+	set $CSPcss_markdown "'sha256-ZagwbGUdi+vgr4PwhdaOtzVHKbrx6+h/7nAGZ4g7H+Q='"; #md2html
+#python -c 'import pygments.formatters, hashlib, sys; sys.stdout.buffer.write(hashlib.sha256(pygments.formatters.HtmlFormatter(style="pastie", nobackground=True).get_style_defs(".highlight").encode("utf8")).digest())' | base64
+	set $CSPcss_syntax "'sha256-x5EoeM7mmuP1LWxpf/pgB2Zb9MMQAVtw5Xj3jN5U8i0='"; #syntax
+#https://cgit.space/~steering/autopeer.git/commit/authorized_keys.sh?id=38fca7692e900589338eade8b5667a483575f5af diffstat
+	#set $CSPcss_width100 "'sha256-ZFTJlMhW3m2AbQ2U0YbZDdYHJvYjPBCcHckJcyDt25o='";
+	#set $CSPcss_width0 "'sha256-kTVTGy3RZGpMQ8RgkbpHLRIkw2MsbWtg4jjmZzyM9uI='";
+	add_header Content-Security-Policy "default-src $http_host/cgit/; img-src *; script-src $http_host/cgit/ 'unsafe-hashes' $CSPjs_brsw; style-src $http_host/extra-cgit.css $http_host/cgit/ 'unsafe-hashes' $CSPcss_markdown $CSPcss_syntax";# $CSPcss_width100 $CSPcss_width0";
 
 	fastcgi_pass 127.0.0.1:1733;
 	include fastcgi-cgit.conf;
-- 
cgit v1.3.1-10-gc9f91