diff options
| author |  tobi <31960611+tsmethurst@users.noreply.github.com> | 2023-08-20 13:35:55 +0200 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2023-08-20 13:35:55 +0200 |
| commit | 1e2db7a32f72ee01497a08c67e6f7f507890ee71 (patch) | |
| tree | 76a6e64c3897ff183383bdb20b185f42cc462a16 /example | |
| parent | [feature] Instance rules (#2125) (diff) | |
| download | gotosocial-1e2db7a32f72ee01497a08c67e6f7f507890ee71.tar.xz | |
[feature/bugfix] Probe S3 storage for CSP uri, add config flag for extra URIs (#2134)
* [feature/bugfix] Probe S3 storage for CSP uri, add config flag for extra URIs
* env parsing tests, my coy mistress
Diffstat (limited to 'example')
| -rw-r--r-- | example/config.yaml | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/example/config.yaml b/example/config.yaml index 0ab2b1a3b..d3a6102bd 100644 --- a/example/config.yaml +++ b/example/config.yaml @@ -903,3 +903,21 @@ advanced-throttling-retry-after: "30s" # 2 cpu = 1 concurrent sender # 4 cpu = 1 concurrent sender advanced-sender-multiplier: 2 + +# Array of string. Extra URIs to add to 'img-src' and 'media-src' +# when building the Content-Security-Policy header for your instance. +# +# This can be used to allow the browser to load resources from additional +# sources like S3 buckets and so on when viewing your instance's pages +# and profiles in the browser. +# +# Since non-proxying S3 storage will be probed on instance launch to +# generate a correct Content-Security-Policy, you probably won't need +# to ever touch this setting, but it's included in the 'spirit of more +# configurable (usually) means more good'. +# +# See: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP +# +# Example: ["s3.example.org", "some-bucket-name.s3.example.org"] +# Default: [] +advanced-csp-extra-uris: [] |