Tighten rules on CSP font-src directive

See #37
textpattern · Jul 20, 2020 · f248227 · f248227
1 parent 68b5b13
commit f248227
Show file tree

Hide file tree

Showing 4 changed files with 4 additions and 4 deletions.
diff --git a/servers/files/trident.textpattern.com/etc/nginx/sites-available/docs.textpattern.io.conf b/servers/files/trident.textpattern.com/etc/nginx/sites-available/docs.textpattern.io.conf
@@ -75,7 +75,7 @@ server {#https(/2), PHP FastCGI
     set $csp_18be6775 '${csp_18be6775}base-uri \'self\';';
     set $csp_18be6775 '${csp_18be6775}connect-src \'self\';';
     set $csp_18be6775 '${csp_18be6775}default-src \'none\';';
-    set $csp_18be6775 '${csp_18be6775}font-src https://textpattern.com \'self\';';
+    set $csp_18be6775 '${csp_18be6775}font-src https://textpattern.com;';
     set $csp_18be6775 '${csp_18be6775}form-action \'self\';';
     set $csp_18be6775 '${csp_18be6775}frame-ancestors \'none\';';
     set $csp_18be6775 '${csp_18be6775}img-src \'self\';';

diff --git a/servers/files/trident.textpattern.com/etc/nginx/sites-available/jekyll.textpattern.com.conf b/servers/files/trident.textpattern.com/etc/nginx/sites-available/jekyll.textpattern.com.conf
@@ -44,7 +44,7 @@ server {#http(/1), #https(/2), PHP FastCGI (optional)
     set $csp_7fcbbcec '${csp_7fcbbcec}base-uri \'self\';';
     set $csp_7fcbbcec '${csp_7fcbbcec}connect-src \'self\';';
     set $csp_7fcbbcec '${csp_7fcbbcec}default-src \'none\';';
-    set $csp_7fcbbcec '${csp_7fcbbcec}font-src https://*.textpattern.com \'self\';';
+    set $csp_7fcbbcec '${csp_7fcbbcec}font-src https://textpattern.com;';
     set $csp_7fcbbcec '${csp_7fcbbcec}form-action \'self\';';
     set $csp_7fcbbcec '${csp_7fcbbcec}frame-ancestors \'none\';';
     set $csp_7fcbbcec '${csp_7fcbbcec}img-src https://textpattern.com data: \'self\';';

diff --git a/servers/files/trident.textpattern.com/etc/nginx/sites-available/plugins.textpattern.com.conf b/servers/files/trident.textpattern.com/etc/nginx/sites-available/plugins.textpattern.com.conf
@@ -87,7 +87,7 @@ server {#https(/2), PHP FastCGI (optional)
     set $csp_b4dc131c '${csp_b4dc131c}base-uri \'self\';';
     set $csp_b4dc131c '${csp_b4dc131c}connect-src \'self\';';
     set $csp_b4dc131c '${csp_b4dc131c}default-src \'none\';';
-    set $csp_b4dc131c '${csp_b4dc131c}font-src https://textpattern.com \'self\';';
+    set $csp_b4dc131c '${csp_b4dc131c}font-src https://textpattern.com;';
     set $csp_b4dc131c '${csp_b4dc131c}form-action \'self\';';
     set $csp_b4dc131c '${csp_b4dc131c}frame-ancestors \'none\';';
     set $csp_b4dc131c '${csp_b4dc131c}img-src https://textpattern.com data: \'self\';';

diff --git a/servers/files/trident.textpattern.com/etc/nginx/sites-available/themes.textpattern.com.conf b/servers/files/trident.textpattern.com/etc/nginx/sites-available/themes.textpattern.com.conf
@@ -87,7 +87,7 @@ server {#https(/2), PHP FastCGI
     set $csp_f74fa50c '${csp_f74fa50c}base-uri \'self\';';
     set $csp_f74fa50c '${csp_f74fa50c}connect-src \'self\';';
     set $csp_f74fa50c '${csp_f74fa50c}default-src \'none\';';
-    set $csp_f74fa50c '${csp_f74fa50c}font-src https://textpattern.com \'self\';';
+    set $csp_f74fa50c '${csp_f74fa50c}font-src https://textpattern.com;';
     set $csp_f74fa50c '${csp_f74fa50c}form-action \'self\';';
     set $csp_f74fa50c '${csp_f74fa50c}frame-ancestors \'none\';';
     set $csp_f74fa50c '${csp_f74fa50c}img-src https://textpattern.com data: \'self\';';