Allow fonts loaded as inline data URI for the dashboard

Fixes #859
Johannes Zellner
2025-10-20 15:00:53 +02:00
parent f9af84fd85
commit adee5fa25f
+1 -1
@@ -130,7 +130,7 @@ server {
<% if ( endpoint === 'dashboard' || endpoint === 'ip' || endpoint === 'setup' ) { -%>
# CSP headers for the dashboard resources
add_header Content-Security-Policy "default-src 'none'; frame-src 'self' cloudron.io *.cloudron.io; connect-src wss: https: 'self' *.cloudron.io; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; media-src *; img-src * blob: data:; style-src https: 'unsafe-inline'; object-src 'none'; font-src https: 'self'; frame-ancestors 'none'; base-uri 'none'; form-action 'self';";
add_header Content-Security-Policy "default-src 'none'; frame-src 'self' cloudron.io *.cloudron.io; connect-src wss: https: 'self' *.cloudron.io; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; media-src *; img-src * blob: data:; style-src https: 'unsafe-inline'; object-src 'none'; font-src https: data: 'self'; frame-ancestors 'none'; base-uri 'none'; form-action 'self';";
<% } else { %>
<% if (cspQuoted) { %>
add_header Content-Security-Policy <%- cspQuoted %>;
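Review bot: The widened `font-src https: data: 'self'` on the new dashboard add_header line has no explanation; the only comment above it is the generic `# CSP headers for the dashboard resources`. A comment such as `# data: in font-src covers fonts inlined as data URIs by the dashboard; keep it out of script-src and object-src` would record why the exception exists and stop it being copied to directives where data: permits code execution. Separately, this add_header has no `always` parameter, so nginx leaves the policy off most error responses. If this server block can return 4xx/5xx pages for these endpoints, ending the directive with `always;` would close that gap. The server block and the else branch continue outside the hunk, so whether such responses occur is not visible here.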