-
-
{% endblock %}
diff --git a/files/templates/modals/emoji.html b/files/templates/modals/emoji.html
index 17178dc25..4fbf0e064 100644
--- a/files/templates/modals/emoji.html
+++ b/files/templates/modals/emoji.html
@@ -1,6 +1,6 @@
-
+
{% if v.agendaposter %}
-
{% endif %}
{% if v.themecolor == '30409f' %}
-
+
{% endmacro %}
diff --git a/nginx-headers.conf b/nginx-headers.conf
index d69a5f5ce..bdab541b7 100644
--- a/nginx-headers.conf
+++ b/nginx-headers.conf
@@ -2,4 +2,3 @@ add_header Referrer-Policy "same-origin";
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
add_header X-Frame-Options "deny";
add_header X-Content-Type-Options "nosniff";
-add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' challenges.cloudflare.com rdrama.net; connect-src 'self' tls-use1.fpapi.io api.fpjs.io; object-src 'none';";
diff --git a/nginx-serve-static.conf b/nginx-serve-static.conf
index 5d690b13c..2ac479d00 100644
--- a/nginx-serve-static.conf
+++ b/nginx-serve-static.conf
@@ -1,4 +1,5 @@
include includes/headers;
+add_header Content-Security-Policy "default-src 'none';";
sendfile on;
sendfile_max_chunk 1m;
tcp_nopush on;
diff --git a/nginx.conf b/nginx.conf
index 56e0e7bee..54174e61c 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -5,6 +5,7 @@ server {
listen [::]:80;
proxy_set_header Host $http_host;
include includes/headers;
+ add_header Content-Security-Policy "default-src 'none';";
location / {
proxy_pass http://localhost:5000/;
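Review bot: The server-level `add_header Content-Security-Policy "default-src 'none';";` reaches only those locations that declare no `add_header` of their own, because nginx drops all inherited `add_header` lines as soon as a block defines one. `location /` continues outside this hunk, so it is not visible whether it sets its own headers; if it does not, every proxied app page is served with `default-src 'none'`. If the upstream also sends a policy, the browser enforces both, so the stricter nginx one still wins. The permissive policy removed from nginx-headers.conf is not replaced anywhere in the visible hunks, so it is worth confirming where app pages now get their CSP. A comment on the new line would also help, e.g. `# fallback CSP; only applies to locations without their own add_header`.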
@@ -18,6 +19,7 @@ server {
proxy_set_header Connection "Upgrade";
proxy_pass http://localhost:5001/socket.io;
include includes/headers;
+ add_header Content-Security-Policy "default-src 'none';";
}
location /chat {
proxy_pass http://localhost:5001/chat;
@@ -70,6 +72,16 @@ server {
alias /rDrama/files/assets/images/rDrama/icon.webp;
include includes/serve-static;
}
+ location =/favicon.ico {
+ alias /rDrama/files/assets/images/rDrama/icon.webp;
+ include includes/serve-static;
+ }
+ location =/offline.html {
+ alias /rDrama/files/assets/offline.html;
+ add_header Content-Security-Policy "default-src 'none'; style-src 'unsafe-inline'; img-src data:;";
+
+ }
+
error_page 502 = /502.html;
location =/502.html {
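Review bot: The new `location =/offline.html` block sets its own `add_header` but, unlike the `/socket.io` and static blocks, does not pull in `includes/headers`. nginx therefore stops inheriting the server-level headers for this response. Assuming `includes/headers` is the deployed nginx-headers.conf, offline.html goes out without Strict-Transport-Security, X-Frame-Options, X-Content-Type-Options and Referrer-Policy. Adding `include includes/headers;` above the `add_header` line restores them while keeping the page-specific policy. The stray blank line before the closing brace can be dropped.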