Add notes about CSP

Signed-off-by: Tommy <contact@tommytran.io>
Add port 8448
2023-03-16 11:26:30 -04:00 · 2023-03-16 07:44:05 -04:00
2 changed files with 9 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -21,3 +21,11 @@ Matrix Synapse Docker-Compose
 9. Uncomment the security options for postgres. Run `docker-compose up -d` again.
 10. Create a user for mjolnir
 11. Copy the config from https://github.com/matrix-org/mjolnir/blob/main/config/default.yaml to `./mjolnir/config/production.yaml` and edit it accordingly. If you want Mjolnir to recieve reports instead of Synapse, make it listen on `0.0.0.0:8081`. You will also need to uncomment the approprieate lines in `./swag/nginx/proxy-confs/synapse.subdomain.conf` as well.
+
+## Notes
+
+The CSP policies in `swag/nginx/ssl.conf` is slightly stricter on [ArcticFoxes Element](https://element.arcticfoxes.net) as it does not support third party servers:
+
+```
+add_header Content-Security-Policy "default-src 'none'; connect-src 'self' https://arcticfoxes.net https://matrix.arcticfoxes.net; font-src 'self'; img-src 'self' https://arcticfoxes.net https://matrix.arcticfoxes.net blob: data:; manifest-src 'self'; media-src https://matrix.arcticfoxes.net; script-src 'self' 'unsafe-eval' https://www.recaptcha.net https://www.gstatic.com; style-src 'self' 'unsafe-inline'; frame-src 'self' https://www.recaptcha.net blob:; frame-ancestors 'self'; block-all-mixed-content; base-uri 'none'";
+```
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -99,6 +99,7 @@ services:
    ports:
      - 443:443
      - 80:80
+      - 8448:8448
    networks:
      - matrix
      - element
Author	SHA1	Message	Date
Tommy	487c2a2c1f	Add notes about CSP Signed-off-by: Tommy <contact@tommytran.io>	2023-03-16 11:26:30 -04:00
Tommy	920d69e5f6	Add port 8448 Signed-off-by: Tommy <contact@tommytran.io>	2023-03-16 07:44:05 -04:00