Jeff Moss on Nostr: Anyone know how to add or modify the Content Security Policy (CSP) header on ...
Anyone know how to add or modify the Content Security Policy (CSP) header on Mastodon? Something changed with the upgrade to 4.3.1 and now our .onion site images won't load due to a CSP violation.
The new CSP is auto generated, but we need to add additional servers names for our .onion services to work.
We have tried removing the (broken) CSP and re-adding the (corrected) CSP header at the nginx proxy level, but no luck so far.
Anyone know where to look?
#MastoAdmin
Mastodon Engineering (npub1u84…s78a)Published at
2024-10-30 08:26:59Event JSON
{
"id": "4b61326b343d308b4e565cd65a708874a773c1f04e25902e88d0f0a1c757f0c8",
"pubkey": "52e1815379324580d7faefb3e29fbe7d1c9aee009075a398da9398e11e6a003a",
"created_at": 1730276819,
"kind": 1,
"tags": [
[
"p",
"e1ead76c2c50b237435a796b9ba49d6bc92f32175306b2daa6ce089e2ff8d8a4"
],
[
"t",
"mastoadmin"
],
[
"proxy",
"https://defcon.social/@thedarktangent/113395421639563703",
"web"
],
[
"proxy",
"https://defcon.social/users/thedarktangent/statuses/113395421639563703",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://defcon.social/users/thedarktangent/statuses/113395421639563703",
"pink.momostr"
],
[
"-"
]
],
"content": "Anyone know how to add or modify the Content Security Policy (CSP) header on Mastodon? Something changed with the upgrade to 4.3.1 and now our .onion site images won't load due to a CSP violation.\n\nThe new CSP is auto generated, but we need to add additional servers names for our .onion services to work.\n\nWe have tried removing the (broken) CSP and re-adding the (corrected) CSP header at the nginx proxy level, but no luck so far.\n\nAnyone know where to look?\n#MastoAdmin nostr:npub1u84dwmpv2zerws66094ehfyad0yj7vsh2vrt9k4xecyfutlcmzjq72s78a",
"sig": "a61c63da4ff6c45fcdda40c5ad7d065bd7b0559a5f573e75f5fa05f59c08d2d000e47cd0c7c753db0d263d33619f0615e97c13f6a2391b648814e8efc6c8128a"
}
