From 6294e583043cf5596c43edc408f321eb8099644f Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 1 Jul 2021 12:41:05 +0300 Subject: [PATCH] Fix Content-Security-Policy for Element Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/1154 According to https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy, having both a header and the ``-tag provided by Element itself is not a problem. The 2 CSP policies get combined. --- .../templates/nginx/conf.d/matrix-client-element.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-element.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-element.conf.j2 index 17e8f131..2f4f4aa1 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-element.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-client-element.conf.j2 @@ -12,7 +12,7 @@ add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "{{ matrix_nginx_proxy_xss_protection }}"; add_header X-Frame-Options SAMEORIGIN; - add_header Content-Security-Policy "frame-ancestors 'none'"; + add_header Content-Security-Policy "frame-ancestors 'self'"; {% if matrix_nginx_proxy_floc_optout_enabled %} add_header Permissions-Policy interest-cohort=() always;