PostERG/xamxam
1
0
Fork 0
mirror of https://codeberg.org/PostERG/xamxam.git synced 2026-05-06 11:09:18 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix: admin CSP allow inline scripts

Browse Source 
script-src 'self' 'unsafe-inline' added to admin Content-Security-Policy.
default-src 'self' was blocking OverType editor init block and
the dev live-reload poller. Admin section is auth-gated so
unsafe-inline is acceptable.
This commit is contained in:
Pontoporeia
2026-04-06 16:49:14 +02:00
parent e6960f0c9c
commit b45e6c50cc
4 changed files with 21 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
scripts/deploy-server.sh
View File

@@ -84,15 +84,21 @@ else
exit 1
fi
# ── Step 4: Reload nginx ─────────────────────────────────────────────────────
printf "\n"
echo "📋 Step 4: Reloading nginx..."
echo "------------------------------"
systemctl reload nginx
ok "Nginx reloaded"
# ── Done ──────────────────────────────────────────────────────────────────────
printf "\n"
ok "Permissions fixed"
ok "Nginx config installed"
ok "Configuration validated"
printf "\n"
warn "Nginx has not been reloaded yet."
printf "Run: sudo systemctl reload nginx\n\n"
printf "After reload, verify:\n"
printf " https://posterg.erg.be/\n"
printf " • https://posterg.erg.be/admin/\n"
printf " • https://posterg.erg.be/storage/posterg.db (should 403/404)\n"
ok "Nginx reloaded"
printf "\nVerify:\n"
printf " https://posterg.erg.be/\n"
printf " https://posterg.erg.be/admin/\n"
printf " https://posterg.erg.be/storage/posterg.db (should 403/404)\n"