fix(proxy): update tests and example configs for font-src data: CSP change

Update acceptance tests and all deployment example CSP configs to include
'data:' in font-src, consistent with the default csp.yaml change.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Paul Faure
2026-03-10 22:22:00 -04:00
parent d8984c4c06
commit d4367fb224
9 changed files with 10 additions and 2 deletions

View File

@@ -13,6 +13,7 @@ directives:
- '''none'''
font-src:
- '''self'''
- 'data:'
frame-ancestors:
- '''self'''
frame-src:

View File

@@ -11,6 +11,7 @@ directives:
- '''none'''
font-src:
- '''self'''
- 'data:'
frame-ancestors:
- '''none'''
frame-src:

View File

@@ -10,6 +10,7 @@ directives:
- '''none'''
font-src:
- '''self'''
- 'data:'
frame-ancestors:
- '''self'''
frame-src:

View File

@@ -11,6 +11,7 @@ directives:
- '''none'''
font-src:
- '''self'''
- 'data:'
frame-ancestors:
- '''none'''
frame-src:

View File

@@ -9,6 +9,7 @@ directives:
- '''none'''
font-src:
- '''self'''
- 'data:'
frame-ancestors:
- '''self'''
frame-src:

View File

@@ -9,6 +9,7 @@ directives:
- '''none'''
font-src:
- '''self'''
- 'data:'
frame-ancestors:
- '''self'''
frame-src:

View File

@@ -9,6 +9,7 @@ directives:
- '''none'''
font-src:
- '''self'''
- 'data:'
frame-ancestors:
- '''self'''
frame-src:

View File

@@ -219,7 +219,7 @@ Feature: download file
And the following headers should be set
| header | value |
| Content-Disposition | attachment; filename*=UTF-8''<encoded-file-name>; filename="<file-name>" |
| Content-Security-Policy | child-src 'self'; connect-src 'self' blob: https://raw.githubusercontent.com/owncloud/awesome-ocis/; default-src 'none'; font-src 'self'; frame-ancestors 'self'; frame-src 'self' blob: https://embed.diagrams.net/; img-src 'self' data: blob: https://raw.githubusercontent.com/owncloud/awesome-ocis/; manifest-src 'self'; media-src 'self'; object-src 'self' blob:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' |
| Content-Security-Policy | child-src 'self'; connect-src 'self' blob: https://raw.githubusercontent.com/owncloud/awesome-ocis/; default-src 'none'; font-src 'self' data:; frame-ancestors 'self'; frame-src 'self' blob: https://embed.diagrams.net/; img-src 'self' data: blob: https://raw.githubusercontent.com/owncloud/awesome-ocis/; manifest-src 'self'; media-src 'self'; object-src 'self' blob:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' |
| X-Content-Type-Options | nosniff |
| X-Frame-Options | SAMEORIGIN |
| X-Permitted-Cross-Domain-Policies | none |
@@ -246,7 +246,7 @@ Feature: download file
And the following headers should be set
| header | value |
| Content-Disposition | attachment; filename*=UTF-8''%22quote%22double%22.txt; filename=""quote"double".txt" |
| Content-Security-Policy | child-src 'self'; connect-src 'self' blob: https://raw.githubusercontent.com/owncloud/awesome-ocis/; default-src 'none'; font-src 'self'; frame-ancestors 'self'; frame-src 'self' blob: https://embed.diagrams.net/; img-src 'self' data: blob: https://raw.githubusercontent.com/owncloud/awesome-ocis/; manifest-src 'self'; media-src 'self'; object-src 'self' blob:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' |
| Content-Security-Policy | child-src 'self'; connect-src 'self' blob: https://raw.githubusercontent.com/owncloud/awesome-ocis/; default-src 'none'; font-src 'self' data:; frame-ancestors 'self'; frame-src 'self' blob: https://embed.diagrams.net/; img-src 'self' data: blob: https://raw.githubusercontent.com/owncloud/awesome-ocis/; manifest-src 'self'; media-src 'self'; object-src 'self' blob:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' |
| X-Content-Type-Options | nosniff |
| X-Frame-Options | SAMEORIGIN |
| X-Permitted-Cross-Domain-Policies | none |

View File

@@ -11,6 +11,7 @@ directives:
- '''none'''
font-src:
- '''self'''
- 'data:'
frame-ancestors:
- '''none'''
frame-src: