From 7a9c8db94781e7b902009c685e5de9dbe7568bf6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Charlotte=20=F0=9F=A6=9D=20Delenk?=
Date: Fri, 26 May 2023 12:51:29 +0100
Subject: [PATCH] disable scripts in the CSP
---
 config/services/akkoma/default.nix | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/config/services/akkoma/default.nix b/config/services/akkoma/default.nix
index 52eb3b61..94f86ebc 100644
--- a/config/services/akkoma/default.nix
+++ b/config/services/akkoma/default.nix
@@ -291,11 +291,15 @@ in {
 header Via BunnyCDN
 }
 route /media/* {
- reverse_proxy @isbunny http://127.0.0.1:4000
+ reverse_proxy @isbunny http://127.0.0.1:4000 {
+ header_down Content-Security-Policy "script-src 'none';"
+ }
 respond "Use the cdn" 403
 }
 route /proxy/* {
- reverse_proxy @isbunny http://127.0.0.1:4000
+ reverse_proxy @isbunny http://127.0.0.1:4000 {
+ header_down Content-Security-Policy "script-src 'none';"
+ }
 respond "Use the cdn" 403
 }
 handle {
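Review bot: `header_down Content-Security-Policy "script-src 'none';"` in both the `/media/*` and `/proxy/*` routes sets the header outright, so any Content-Security-Policy the backend on 127.0.0.1:4000 already sends for these paths is replaced rather than tightened; if that upstream policy is stricter (it is not visible in this hunk), the change would weaken it. `script-src 'none'` on its own also leaves plugins, styles, frames and form submission unrestricted for user-supplied files, so for responses that only ever carry media a policy such as `header_down Content-Security-Policy "default-src 'none'; sandbox"` would cover script execution and the rest, and is worth testing against direct viewing of media in a browser. A short Caddyfile comment above each block saying why the header is forced here would help the next reader, e.g. `# uploads and proxied media are untrusted content: never let them run script`.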