mastrmind11 717 Posted March 29, 2020 Share Posted March 29, 2020 Are you all making changes directly to the web app, or are you all using proxies? proxy Link to comment Share on other sites More sharing options...
Shidapu 14 Posted March 30, 2020 Share Posted March 30, 2020 (edited) Im also a Nginx user, and i have a B+ score, but CSP has been a nightmare.. wan - cloudflare - VPN - Firewall - nginx - servers Edited March 30, 2020 by Shidapu Link to comment Share on other sites More sharing options...
jachin99 82 Posted March 30, 2020 Share Posted March 30, 2020 I have actually done this for an IIS site but never anything else. What advantages to you get with cloudfare when your using a proxy anyway? Why nginx over others? Link to comment Share on other sites More sharing options...
Spaceboy 2498 Posted March 30, 2020 Share Posted March 30, 2020 I have actually done this for an IIS site but never anything else. What advantages to you get with cloudfare when your using a proxy anyway? Why nginx over others?cloudflare obscures your IP address Link to comment Share on other sites More sharing options...
pir8radio 1292 Posted March 30, 2020 Author Share Posted March 30, 2020 Im also a Nginx user, and i have a B+ score, but CSP has been a nightmare.. wan - cloudflare - VPN - Firewall - nginx - servers check out my CSP info page: https://emby.media/community/index.php?/topic/62193-content-security-policy-csp-development/?p=614155 1 Link to comment Share on other sites More sharing options...
Shidapu 14 Posted March 31, 2020 Share Posted March 31, 2020 (edited) check out my CSP info page: https://emby.media/community/index.php?/topic/62193-content-security-policy-csp-development/?p=614155 Sweet thanks for the link! A+. And working great so far. I also added a report-to line in that code, but not sure if its working, but the URI analyzer says its ok, though haven't gotten any reports yet. I posted in your thread, could you check if my CSP is ok? Edited March 31, 2020 by Shidapu Link to comment Share on other sites More sharing options...
pir8radio 1292 Posted March 31, 2020 Author Share Posted March 31, 2020 (edited) Sweet thanks for the link! A+. And working great so far. I also added a report-to line in that code, but not sure if its working, but the URI analyzer says its ok, though haven't gotten any reports yet. I posted in your thread, could you check if my CSP is ok? yes, the "report uri" address sends fails... so if your CSP blocked something the client end would report what was blocked to that url. so if i went to your server and your CSP blocked something on my browser, my browser would know to "report" that block to that url so you could see it in a report. Edited March 31, 2020 by pir8radio 1 Link to comment Share on other sites More sharing options...
Shidapu 14 Posted March 31, 2020 Share Posted March 31, 2020 yes, the "report uri" address sends fails... so if your CSP blocked something the client end would report what was blocked to that url. so if i went to your server and your CSP blocked something on my browser, my browser would know to "report" that block to that url so you could see it in a report. Yeah thats what i want it to do! A good thing to make some ease of mind for me when playing with CSP in the future. Thanks alot for the good info! Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now