From 4980c04aff429b4bc8565fe8e42a9df4264d1003 Mon Sep 17 00:00:00 2001
From: Alex Gleason <alex@alexgleason.me>
Date: Wed, 11 May 2022 18:38:29 -0500
Subject: [PATCH] Mastodon nginx: enable CSP

---
 installation/mastodon.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/installation/mastodon.conf b/installation/mastodon.conf
index 32833fe2d..361e4341c 100644
--- a/installation/mastodon.conf
+++ b/installation/mastodon.conf
@@ -72,7 +72,7 @@ server {
 
   # Content Security Policy (CSP)
   # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
-  # add_header Content-Security-Policy "base-uri 'none'; default-src 'none'; font-src 'self'; img-src 'self' https: data: blob:; style-src 'self' 'unsafe-inline'; media-src 'self' https: data:; frame-src 'self' https:; manifest-src 'self'; connect-src 'self' data: blob: wss://example.com; script-src 'self'; child-src 'self'; worker-src 'self';";
+  add_header Content-Security-Policy "base-uri 'none'; default-src 'none'; font-src 'self'; img-src 'self' https: data: blob:; style-src 'self' 'unsafe-inline'; media-src 'self' https: data:; frame-src 'self' https:; manifest-src 'self'; connect-src 'self' data: blob:; script-src 'self'; child-src 'self'; worker-src 'self';";
 
   # Fallback route.
   # Try static files, then fall back to the SPA.