mstdn.starnix.network is one of the many independent Mastodon servers you can use to participate in the fediverse.
Starnix is a Fediverse/ActivityPub Focused platform. Topics are mainly Technology and computer related but are not required to fall into those categories.
@kirby @meso @nekofag It simply isn’t how CSP works. When you request /, you get the CSP then and there. It doesn’t matter what the CSP headers are on requests made from inside that page. Resources are either allowed or blocked before they’re requested, not after you have a response.
@kirby @meso @nekofag CSP absolutely does work and is necessary. It specifically prevents this type of attack. But you have to move your media to a subdomain for it to work properly.
@Arrian @meso @kirby @nekofag "sandbox" is not the magic term. Including a CSP header at all puts the page into whitelist mode, and you can't unwhitelist a resource you already whitelisted.
@nekofag @kirby oh right. it adds content-security-policy: sandbox to any resource in media/proxy, should be easy to make an equivalent for apache. i think you already did something so it might not be necessary but still a nice security tweak
@kirby @paulo depends on where you put it, you can put it anywhere inside sites-available
the way it works is sites-available is just a random directory, in apache it meant something but it's just a directory to store configs that don't do anything, then you symlink those configs to sites-enabled/ folder and you include sites-enabled/* inside nginx.conf so that all the configs there which are symlinked work
@paulo @kirby i just make symlinks, if it symlinks the two folders entirely there's no point to it, just use a confs/ directory or something and include it in nginx
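A per-site nginx file that puts the two exchanges above together (the sandbox header on media responses, and the sites-available/sites-enabled layout it lives in), as an added example that is not the thread's or Mastodon's own configuration; the hostname, the upstream port and the media path prefixes are assumptions.

```nginx
# Added example, not the thread's own config. Assumptions: the app listens on
# 127.0.0.1:3000, media is served under the /media/ and /proxy/ prefixes, and
# this file is saved as /etc/nginx/sites-available/mastodon and symlinked into
# sites-enabled/, which nginx.conf pulls in with
# "include /etc/nginx/sites-enabled/*;". TLS is left out to keep it short.
server {
    listen 80;
    server_name mstdn.example;          # placeholder hostname

    # Headers set at server level are inherited only by locations that set
    # no add_header of their own.
    add_header X-Content-Type-Options "nosniff" always;

    location / {
        proxy_pass http://127.0.0.1:3000;
    }

    # Uploaded and proxied media: a sandboxed document cannot run script,
    # submit forms or read the origin's cookies, so a file that is really
    # HTML or SVG does no harm even if a browser chooses to render it.
    location ~ ^/(media|proxy)/ {
        # Caveat: add_header inside a location REPLACES the inherited list,
        # so the server-level header has to be repeated here to keep it.
        add_header X-Content-Type-Options "nosniff" always;
        # "always" emits the header on 4xx/5xx responses too, not only on
        # the 2xx/3xx statuses nginx adds headers to by default.
        add_header Content-Security-Policy "sandbox" always;
        proxy_pass http://127.0.0.1:3000;
    }
}
```

Check with `nginx -t` after creating the symlink, then confirm the header with `curl -sI` against a media URL and against a non-media URL; only the first should carry `content-security-policy: sandbox`.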