17 lines
1.1 KiB
Bash
17 lines
1.1 KiB
Bash
|
#!/bin/bash
|
||
|
|
# Add CSP with unsafe-eval to HTTP location = / in blockscout nginx (for NPM proxy on :80)
|
||
|
|
set -e
|
||
|
|
CONFIG=/etc/nginx/sites-available/blockscout
|
||
|
|
if grep -q "Content-Security-Policy" "$CONFIG" 2>/dev/null; then
|
||
|
|
echo "CSP already present"
|
||
|
|
else
|
||
|
|
# Insert CSP line after add_header Cache-Control in first location = /
|
||
|
|
sed -i '/location = \/ {/,/try_files \/index.html =404;/{
|
||
|
|
/add_header Cache-Control "no-store, no-cache, must-revalidate"/a\
|
||
|
|
add_header Content-Security-Policy "default-src '\''self'\''; script-src '\''self'\'' '\''unsafe-inline'\'' '\''unsafe-eval'\'' https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com; style-src '\''self'\'' '\''unsafe-inline'\'' https://cdnjs.cloudflare.com; img-src '\''self'\'' data: https:; font-src '\''self'\'' https://cdnjs.cloudflare.com; connect-src '\''self'\'' https://explorer.d-bis.org wss://explorer.d-bis.org https://rpc-http-pub.d-bis.org wss://rpc-ws-pub.d-bis.org http://192.168.11.221:8545 ws://192.168.11.221:8546;" always;
|
||
|
|
}' "$CONFIG"
|
||
|
|
echo "Added CSP to HTTP location = /"
|
||
|
|
fi
|
||
|
|
nginx -t && systemctl reload nginx
|
||
|
|
echo "Done"
|