From 28042109818ad2fdfafb84f47761344306571ac0 Mon Sep 17 00:00:00 2001 From: Aevann Date: Sat, 9 Sep 2023 21:57:15 +0300 Subject: [PATCH] fix site crashing --- .gitignore | 1 + files/helpers/config/const.py | 2 +- includes/csp | 1 - includes/headers | 2 +- 4 files changed, 3 insertions(+), 3 deletions(-) delete mode 100644 includes/csp diff --git a/.gitignore b/.gitignore index 8c97075bb..97a56b27c 100644 --- a/.gitignore +++ b/.gitignore @@ -6,3 +6,4 @@ __pycache__/ .DS_Store emojis.zip emojis_original.zip +includes/content-security-policy diff --git a/files/helpers/config/const.py b/files/helpers/config/const.py index ca5acdbab..3738e2a80 100644 --- a/files/helpers/config/const.py +++ b/files/helpers/config/const.py @@ -1142,5 +1142,5 @@ db_session = scoped_session(sessionmaker(bind=engine, autoflush=False)) approved_embed_hosts_for_csp = ' '.join([x.split('/')[0] for x in approved_embed_hosts]) csp = f'''add_header Content-Security-Policy "upgrade-insecure-requests; default-src 'none'; frame-ancestors 'none'; form-action 'self'; manifest-src 'self'; worker-src 'self'; base-uri 'self'; font-src 'self'; style-src-elem 'self'; style-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline'; script-src-elem 'self' challenges.cloudflare.com; script-src-attr 'none'; script-src 'self' challenges.cloudflare.com; frame-src challenges.cloudflare.com www.youtube-nocookie.com platform.twitter.com rumble.com player.twitch.tv; connect-src 'self' videos.watchpeopledie.tv use1.fptls.com use1.fptls3.com api.fpjs.io; img-src {approved_embed_hosts_for_csp} data:; media-src {approved_embed_hosts_for_csp};";''' -with open("includes/csp", "w", encoding="utf-8") as f: +with open("includes/content-security-policy", "w", encoding="utf-8") as f: f.write(csp) diff --git a/includes/csp b/includes/csp deleted file mode 100644 index eb9a42918..000000000 --- a/includes/csp +++ /dev/null @@ -1 +0,0 @@ -add_header Content-Security-Policy "upgrade-insecure-requests; default-src 'none'; frame-ancestors 'none'; form-action 'self'; manifest-src 'self'; worker-src 'self'; base-uri 'self'; font-src 'self'; style-src-elem 'self'; style-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline'; script-src-elem 'self' challenges.cloudflare.com; script-src-attr 'none'; script-src 'self' challenges.cloudflare.com; frame-src challenges.cloudflare.com www.youtube-nocookie.com platform.twitter.com rumble.com player.twitch.tv; connect-src 'self' videos.watchpeopledie.tv use1.fptls.com use1.fptls3.com api.fpjs.io; img-src localhost rdrama.net i.rdrama.net watchpeopledie.tv i.watchpeopledie.tv videos.watchpeopledie.tv i.imgur.com i.imgur.io pomf2.lain.la i.giphy.com media.giphy.com media0.giphy.com media1.giphy.com media2.giphy.com media3.giphy.com media4.giphy.com media.tenor.com c.tenor.com thumbs.gfycat.com i.postimg.cc files.catbox.moe i.redd.it preview.redd.it external-preview.redd.it pbs.twimg.com i.pinimg.com kiwifarms.st uploads.kiwifarms.st upload.wikimedia.org live.staticflickr.com substackcdn.com i.kym-cdn.com i.kym-cdn.com 37.media.tumblr.com 64.media.tumblr.com 66.media.tumblr.com 78.media.tumblr.com i.ytimg.com fonts.googleapis.com raw.githubusercontent.com data:; media-src localhost rdrama.net i.rdrama.net watchpeopledie.tv i.watchpeopledie.tv videos.watchpeopledie.tv i.imgur.com i.imgur.io pomf2.lain.la i.giphy.com media.giphy.com media0.giphy.com media1.giphy.com media2.giphy.com media3.giphy.com media4.giphy.com media.tenor.com c.tenor.com thumbs.gfycat.com i.postimg.cc files.catbox.moe i.redd.it preview.redd.it external-preview.redd.it pbs.twimg.com i.pinimg.com kiwifarms.st uploads.kiwifarms.st upload.wikimedia.org live.staticflickr.com substackcdn.com i.kym-cdn.com i.kym-cdn.com 37.media.tumblr.com 64.media.tumblr.com 66.media.tumblr.com 78.media.tumblr.com i.ytimg.com fonts.googleapis.com raw.githubusercontent.com;"; \ No newline at end of file diff --git a/includes/headers b/includes/headers index 40e8522a4..151459bbc 100644 --- a/includes/headers +++ b/includes/headers @@ -3,4 +3,4 @@ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; prelo add_header X-Frame-Options "deny"; add_header X-Content-Type-Options "nosniff"; add_header Cross-Origin-Opener-Policy "same-origin"; -include includes/csp; +include includes/content-security-policy;