From 08abc5aa5c729ece09b7811481a897c6c8539cbb Mon Sep 17 00:00:00 2001
From: Dominik George <dominik.george@teckids.org>
Date: Mon, 15 Apr 2024 20:06:43 +0200
Subject: [PATCH] Allow iframes from *.teckids.org

---
 Caddyfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Caddyfile b/Caddyfile
index b87b72e8..322a3b28 100644
--- a/Caddyfile
+++ b/Caddyfile
@@ -4,7 +4,7 @@ http:// {
     file_server
 
     header {
-        Content-Security-Policy "default-src 'self'; img-src 'self' data:; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'"
+        Content-Security-Policy default-src 'self' *.teckids.org; img-src 'self' data: *.teckids.org; media-src 'self' *.teckids.org; object-src 'self' *.teckids.org; frame-src 'self' *.teckids.org; form-action 'self' *.teckids.org
         X-Content-Type-Options  nosniff
         Referrer-Policy         strict-origin-when-cross-origin
     }
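Review bot: The new `Content-Security-Policy` line drops `frame-ancestors 'none'` and `base-uri 'self'`, and neither directive falls back to `default-src`, so with this policy any origin may frame the site and `<base>` targets are unrestricted. `frame-src` only controls what this site may embed; if the intent is to let teckids.org pages embed this site, the directive to relax is `frame-ancestors`, for example by ending the policy with `; frame-ancestors 'self' *.teckids.org; base-uri 'self'`. The value also lost its surrounding double quotes, and because the Caddyfile splits arguments on whitespace, the `header` directive will probably not receive the policy as a single value (the config may be rejected or the header mis-set), so keep the whole policy inside `"…"` as the removed line did. Separately, `upgrade-insecure-requests` is gone and `object-src` now admits every `*.teckids.org` subdomain; it is worth confirming both are intended, since the wildcard extends trust to any host under that domain.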
-- 
GitLab