# HG changeset patch
# User IBBoard
# Date 1665227752 -3600
# Node ID 83f2e944a43f7fcee6590da2b197d97733ac3c80
# Parent 575764c36e16c053ad04a9936a64f563c2718be9
Set security settings on BDStrike.co.uk
Wordpress does some stuff that can be fixed with nonces and LOTS of stuff that can't, so we need to change the CSP headers
diff -r 575764c36e16 -r 83f2e944a43f manifests/templates.pp
--- a/manifests/templates.pp Sat Oct 08 12:08:50 2022 +0100
+++ b/manifests/templates.pp Sat Oct 08 12:15:52 2022 +0100
@@ -715,11 +715,20 @@
 docroot_group => 'editors',
 letsencrypt_name => 'bdstrike.co.uk',
 custom_fragment => template("privat/apache/bdstrike.fragment"),
- csp_override => {"frame-ancestors" => "'self'"},
- csp_report_override => {
+ csp_override => {
+ "report-uri" => "https://ibboard.report-uri.com/r/d/csp/enforce",
 "font-src" => "'self' https://fonts.gstatic.com/ data:",
- "img-src" => "'self' https://secure.gravatar.com/",
- "style-src" => "'self' https://fonts.googleapis.com/ 'unsafe-inline'"
+ "img-src" => "'self' https://secure.gravatar.com/ data:",
+ "style-src" => "'self' https://fonts.googleapis.com/ 'unsafe-inline'",
+ "connect-src" => "'self' https://www.sandbox.paypal.com/ https://www.paypal.com/",
+ "frame-ancestors" => "'self'"
+ },
+ csp_report_override => {
+ "report-uri" => "https://ibboard.report-uri.com/r/d/csp/enforce",
+ "font-src" => "'self' https://fonts.gstatic.com/ data:", # TODO: What's generating it?
+ "img-src" => "'self' https://secure.gravatar.com/ data:",
+ "style-src" => "'self' https://fonts.googleapis.com/ 'nonce-%{CSP_NONCE}e' 'unsafe-hashes' 'sha256-anQSeQoEnQnBulZOQkDOFf+e6xBIGmqh7M8YFT992co=' 'sha256-zJDyuABAg68wtWDFyIh+RRe+6Vm/r+BLwaNRCGNVyXI=' 'sha256-qMalr/MPLUDW4lX/rq/cGp1Eu/H0cu0Yg98pdu69Jxs=' 'sha256-mshqJ+hidJMRDeNLHknuDAeYLOPg2OTIIA3nZmHgi9U=' 'sha256-YnRUd/QjP/NuFgfjMHhNfMCqXh0RQIGdvQfMCOf6qkw=' 'sha256-EwdiFJgqhefinoeAymrWxOYW4kza2Ekos5MY0PlXYI0=' 'sha256-G4K9vh8e+37+l69S+lHTyX3CfcK95mQUgyxYPCb7uME=' 'sha256-t6oewASd7J1vBg5mQtX4hl8bg8FeegYFM3scKLIhYUc=' 'sha256-mAQYxa3mIYqoLBrm1zLu6sLajr8vUHVFLYNpl6dAakM=' 'sha256-A8foknjCsFBi1PlRehOrHq0pVySigUurqAUgZ2y2U8c=' 'sha256-biLFinpqYMtWHmXfkA1BPeCY0/fNt46SAZ+BBk5YUog=' 'sha256-WzSByVQ8yW/DKrr77TWVt7WEMzueRcfJZImOkjTBKmc='",
+ "connect-src" => "'self' https://www.sandbox.paypal.com/ https://www.paypal.com/",
 },
 }
 $aliases = [
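Review bot: Both the enforced `csp_override` and the report-only `csp_report_override` post to the same `/r/d/csp/enforce` endpoint, so violations of the stricter trial `style-src` (nonce plus hashes) will land in the same bucket as genuine enforced-policy violations and be hard to tell apart; Report URI issues a separate report-only endpoint for exactly this split, so the `csp_report_override` entry should presumably read `"report-uri" => "https://ibboard.report-uri.com/r/d/csp/reportOnly",` (confirm against the endpoint shown in the account). The twelve `sha256-` values in the report-only `style-src` are not annotated, so when a WordPress, theme or plugin update changes an inline style nobody will know which hash to drop or replace; a short comment naming the source of each hash, or at least the theme/plugin set and date they were captured from, would keep the list maintainable. `report-uri`, `font-src`, `img-src` and `connect-src` are now duplicated verbatim between the two hashes, and a local common hash merged into each with `+` would stop them drifting apart. The `'nonce-%{CSP_NONCE}e'` value relies on an Apache `CSP_NONCE` environment variable being set per request, which is not visible in this hunk (possibly done in the `bdstrike.fragment` template), and a comment on that line saying where it is set would help the next reader. The enclosing resource declaration starts before the hunk.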