Software /
code /
prosody-modules
Diff
mod_http_oauth2/README.markdown @ 5547:d4a2997deae9
mod_http_oauth2: Make CSP configurable
E.g. to enable forbidding all scripts if you don't use any scripts, or
allow scripts from your separate static content domain, etc.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sun, 11 Jun 2023 14:06:28 +0200 |
parent | 5546:ae20da6d377d |
child | 5561:d6ab6f0bd96e |
line wrap: on
line diff
--- a/mod_http_oauth2/README.markdown Sun Jun 11 14:03:27 2023 +0200 +++ b/mod_http_oauth2/README.markdown Sun Jun 11 14:06:28 2023 +0200 @@ -85,6 +85,13 @@ } ``` +If you know what features your templates use use you can adjust the +`Content-Security-Policy` header to only allow what is needed: + +```lua +oauth2_security_policy = "default-src 'self'" -- this is the default +``` + ### Token parameters The following options configure the lifetime of tokens issued by the module.