Lookin for advice setting Content Security Policy for Zoneminder
Posted: Wed Sep 02, 2020 1:47 pm
I have zoneminder running on Debian 10 and was going over the usual website benchmarks like ssllabs and mozilla. According to mozilla the current trend is to migrate from the X-Frames based options to using Content Security Policy options in the ssl configuration.
I started playing around with it but I end up mostly breaking zoneminder when setting up any restrictions.
Even restricting content sources to my *.mysubdomain.com creates an annoying issue where I can access a camera config, but only the first page of it, clicking on any of the tabs ceases to work. I find this sort of funny since I sure hope all of the zoneminder page is being served by my domain and wouldn't think this much of a site breaker but it is. Though I am not exactly familiar setting these policies.
Does anyone here have a good CSP config for zoneminder they're willing to share?
I am running a vanilla debian lamp install, so openssl 1.1.1.d and apache2 2.4.38-3
Thanks
I started playing around with it but I end up mostly breaking zoneminder when setting up any restrictions.
Even restricting content sources to my *.mysubdomain.com creates an annoying issue where I can access a camera config, but only the first page of it, clicking on any of the tabs ceases to work. I find this sort of funny since I sure hope all of the zoneminder page is being served by my domain and wouldn't think this much of a site breaker but it is. Though I am not exactly familiar setting these policies.
Does anyone here have a good CSP config for zoneminder they're willing to share?
I am running a vanilla debian lamp install, so openssl 1.1.1.d and apache2 2.4.38-3
Thanks