Move proxy directive to main block, allow javascript for casting

2022-04-05 17:07:56 +02:00 · 2022-04-05 17:07:56 +02:00 · b640bd32a1
commit b640bd32a1
parent 895d17ab68
1 changed files with 8 additions and 7 deletions
--- a/hosts/architect/jellyfin.nix
+++ b/hosts/architect/jellyfin.nix
@ -17,25 +17,26 @@ in {
    nginx.virtualHosts.${domain} = {
      forceSSL = true;
      enableACME = true;
+      extraConfig = ''
+        # External Javascript (such as cast_sender.js for Chromecast) must be whitelisted.
+        add_header Content-Security-Policy "default-src https: data: blob: http://image.tmdb.org; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.gstatic.com/cv/js/sender/v1/cast_sender.js https://www.gstatic.com/eureka/clank/95/cast_sender.js https://www.gstatic.com/eureka/clank/96/cast_sender.js https://www.gstatic.com/eureka/clank/97/cast_sender.js https://www.youtube.com blob:; worker-src 'self' blob:; connect-src 'self'; object-src 'none'; frame-ancestors 'self'";
+        # Disable buffering when the nginx proxy gets very resource heavy upon streaming
+        proxy_buffering off;
+      '';
+
      locations."/" = {
        proxyPass = "http://localhost:8096";
        extraConfig = ''
-          # Disable buffering when the nginx proxy gets very resource heavy upon streaming
-          proxy_buffering off;
-
          allow 10.0.0.0/24;
          allow 10.3.0.0/24;
          deny all;
        '';
      };
-      
+
      locations."/socket" = {
        proxyPass = "http://localhost:8096";
        proxyWebsockets = true;
        extraConfig = ''
-          # Disable buffering when the nginx proxy gets very resource heavy upon streaming
-          proxy_buffering off;
-
          allow 10.0.0.0/24;
          allow 10.3.0.0/24;
          deny all;