[enh] Allow peertube video which comes from a subdomain

author: frju365 <win10@tutanota.com> 2018-10-13 21:17:41 +0200
committer: GitHub <noreply@github.com> 2018-10-13 21:17:41 +0200
commit: 71d274fbb09471952704f499254cfe68d4f4a4d5 (patch)
tree: d8d65ec6d57ae5b3b8af1149588f088141c8499d /conf
parent: 961d8c13393cbba7d35e8ef539514db6cc02bbfc (diff)
download: mastodon_ynh-71d274fbb09471952704f499254cfe68d4f4a4d5.tar.gz
mastodon_ynh-71d274fbb09471952704f499254cfe68d4f4a4d5.tar.bz2
mastodon_ynh-71d274fbb09471952704f499254cfe68d4f4a4d5.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/conf/nginx.conf b/conf/nginx.conf
index 156d56d..b5cbddd 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -2,7 +2,7 @@
 client_max_body_size 100M;
 
 # Content Security Policy : security to avoid launching unsecure script	
-add_header Content-Security-Policy "default-src 'none'; font-src 'self'; media-src 'self'; object-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self'; img-src 'self' blob: data:; connect-src 'self' wss://__DOMAIN__;";
+add_header Content-Security-Policy "default-src 'none'; font-src 'self'; media-src 'self' *.__DOMAIN__; object-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' *.__DOMAIN__; img-src 'self' blob: data:; connect-src 'self' wss://__DOMAIN__ *.__DOMAIN__;";
 
 # add to v1.4 assets
 root __FINALPATH__/live/public;
author	frju365 <win10@tutanota.com>	2018-10-13 21:17:41 +0200
committer	GitHub <noreply@github.com>	2018-10-13 21:17:41 +0200
commit	71d274fbb09471952704f499254cfe68d4f4a4d5 (patch)
tree	d8d65ec6d57ae5b3b8af1149588f088141c8499d /conf
parent	961d8c13393cbba7d35e8ef539514db6cc02bbfc (diff)
download	mastodon_ynh-71d274fbb09471952704f499254cfe68d4f4a4d5.tar.gz mastodon_ynh-71d274fbb09471952704f499254cfe68d4f4a4d5.tar.bz2 mastodon_ynh-71d274fbb09471952704f499254cfe68d4f4a4d5.zip