Fix CSP for cloudfront media

2025-12-15 04:35:16 +00:00 · 2022-01-28 18:27:38 -05:00
parent 668df16fd2
commit be24ab2342
3 changed files with 6 additions and 3 deletions
--- a/pages/gallery.go
+++ b/pages/gallery.go
@@ -9,7 +9,7 @@ import (

 func HandleGallery(c *fiber.Ctx) error {
 	utils.SetHeaders(c)
-	c.Set("Content-Security-Policy", "default-src 'none'; media-src 'self'; style-src 'self'; img-src 'self'; font-src 'self'; block-all-mixed-content")
+	c.Set("Content-Security-Policy", "default-src 'none'; style-src 'self'; media-src 'self' *.cloudfront.net; img-src 'self' *.cloudfront.net; font-src 'self'; block-all-mixed-content")

 	album, err := api.FetchAlbum(c.Params("galleryID"))
 	if err != nil {
--- a/pages/user.go
+++ b/pages/user.go
@@ -12,7 +12,7 @@ import (
 func HandleUser(c *fiber.Ctx) error {
 	utils.SetHeaders(c)
 	c.Set("Cache-Control", "public,max-age=604800")
-	c.Set("Content-Security-Policy", "default-src 'none'; media-src 'self'; style-src 'unsafe-inline' 'self'; img-src 'self'; font-src 'self'; block-all-mixed-content")
+	c.Set("Content-Security-Policy", "default-src 'none'; style-src 'self' 'unsafe-inline'; media-src 'self' *.cloudfront.net; img-src 'self' *.cloudfront.net; font-src 'self'; block-all-mixed-content")

 	wg := sync.WaitGroup{}
 	wg.Add(2)