Commit f442975

playvideos: updates README.md for CSP instructions
Signed-off-by: Thibaud CANALE <[email protected]>
1 parent 5ab9d48 commit f442975

1 file changed

+2
-2
lines changed

plugins/playvideos/README.md

@@ -13,12 +13,12 @@ This is a default Shaarli plugin, you just have to enable it. See [Shaarli confi
1313

1414
#### Troubleshooting
1515

16-
If your server has [Content Security Policy](http://content-security-policy.com/) headers enabled, this may prevent the script from loading fully. You should relax the CSP in your server settings. Example CSP rule for apache2:
16+
If your server has [Content Security Policy](https://content-security-policy.com/) headers enabled, this may prevent the script from loading fully. This plugin only requires to accept content from Youtube servers, so simply allow `https://www.youtube.com` as source for `script-src` and `frame-src` in your server settings. Example CSP rule for apache2:
1717

1818
```apache
1919
<Directory /path/to/shaarli>
2020
# Required for playvideos plugin
21-
Header set Content-Security-Policy "script-src 'self' 'unsafe-inline' https://www.youtube.com https://s.ytimg.com 'unsafe-eval'"
21+
Header set Content-Security-Policy "default-src 'none'; base-uri 'self'; frame-ancestors 'none'; form-action 'self'; script-src 'self' https://www.youtube.com; connect-src 'self'; frame-src 'self' https://www.youtube.com; img-src 'self' data:; style-src 'self'; font-src 'self'"
2222
</Directory>
2323
```
2424
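
Review bot: On the new `Header set Content-Security-Policy` line, the example is now a complete site policy (`default-src 'none'` plus the other directives), while the sentence above it and the `# Required for playvideos plugin` comment present it as what the plugin needs. `Header set` replaces any existing header of that name rather than merging with it, so a reader who pastes this line overwrites the policy they already have. Suggest either stating that in the README or showing only the two plugin-specific additions (`https://www.youtube.com` in `script-src` and `frame-src`) and telling readers to merge them into their current policy. The removed line also allowed `https://s.ytimg.com`, `'unsafe-inline'` and `'unsafe-eval'`; the commit message should say the plugin was checked without them. Minor wording in the new paragraph: "only requires to accept content from Youtube servers" reads better as "only needs content from YouTube servers to be allowed".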
