Configuring CSP for CMS installation

Hello!

We have installed the 3.3.4 version of the CMS in a Docker container on an Ubuntu VM hosted on the Azure cloud.

Actually I’m trying to secure XIBO as much as possible and want to configure CSP (Content Security Policy) in the Apache config file.
I am not able to find a solution, but am also not very familiar with CSP configuration with the reverse proxy part etc.

Does anyone have a working config for that?

Thank you

After working on it longer, I have one solution that might work:
default-src 'self' 'unsafe-inline'; connect-src 'self'; font-src 'self'; form-action 'self'; img-src 'self' data: https://*.openstreetmap.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob:

Maybe someone with more experience can give some advice…

The line in my Apache xibo.conf would be:
Header always set Content-Security-Policy "default-src 'self' 'unsafe-inline'; connect-src 'self'; font-src 'self'; form-action 'self'; img-src 'self' data: https://*.openstreetmap.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob:;"
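
An added example, not part of the original posts and not Xibo project code: a small Python audit of the policy string posted above. It parses the directives, applies the default-src fallback, and lists the sources that weaken script and style restrictions, the directives that never inherit from default-src, and any typographic quotes picked up by copying from a rendered page. The `RISKY` set and the function names are this example's own choices.

```python
# Added example: audit of the CSP value from the post (names here are hypothetical).
POLICY = ("default-src 'self' 'unsafe-inline'; connect-src 'self'; font-src 'self'; "
          "form-action 'self'; img-src 'self' data: https://*.openstreetmap.org; "
          "script-src 'self' 'unsafe-inline' 'unsafe-eval' blob:;")

# Sources that loosen script/style restrictions (this example's own selection).
RISKY = {"'unsafe-inline'", "'unsafe-eval'", "data:", "blob:", "*"}
# Directives that do NOT fall back to default-src and must be set explicitly.
NO_FALLBACK = ("base-uri", "form-action", "frame-ancestors")
# Curly quotes: CSP keywords such as 'self' only match with ASCII single quotes.
CURLY = "\u2018\u2019\u201c\u201d"


def parse_csp(policy):
    """Return {directive: [sources]}; for a repeated directive the first one wins."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives


def audit(policy):
    """Return a list of human-readable findings for one policy string."""
    d = parse_csp(policy)
    findings = []
    for name, sources in d.items():
        for src in sources:
            if any(c in CURLY for c in src):
                findings.append(f"{name}: {src} uses typographic quotes")
    for name in ("script-src", "style-src"):
        # A missing fetch directive resolves to the default-src source list.
        note = "" if name in d else " (inherited from default-src)"
        for src in d.get(name, d.get("default-src", [])):
            if src in RISKY:
                findings.append(f"{name}: {src}{note}")
    for name in NO_FALLBACK:
        if name not in d:
            findings.append(f"{name}: missing, no default-src fallback")
    return findings


if __name__ == "__main__":
    for finding in audit(POLICY):
        print(finding)
```

Sending the same value first as `Content-Security-Policy-Report-Only` shows in the browser console what a tighter policy would block before it is enforced.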
