From 795bd0eac78611994873b7b7422f7a63aa378719 Mon Sep 17 00:00:00 2001 From: Peter Palfrader Date: Wed, 8 Mar 2017 19:00:44 +0100 Subject: [PATCH] firefox considers style in .svg things "unsafe-inline" settings, so we need a different CSP for svg files --- .../templates/static-mirroring/vhost/static-vhosts-simple.erb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb b/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb index 3cc240028..d15ceb0f9 100644 --- a/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb +++ b/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb @@ -149,6 +149,9 @@ RewriteRule ^/source/([a-z0-9-]+)/([a-zA-Z0-9.+:~-]+)$ /${source-map:$1/$2} [L,R,NE] Header always set Content-Security-Policy "default-src 'self'; media-src 'none'; object-src 'none';" + + Header always set Content-Security-Policy "default-src 'none'; frame-ancestors 'none'; style-src 'self' 'unsafe-inline';" + <%= -- 2.20.1
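Review bot: The added SVG policy line `Header always set Content-Security-Policy "default-src 'none'; frame-ancestors 'none'; style-src 'self' 'unsafe-inline';"` carries no comment explaining why it differs from the site-wide policy directly above it, and the container that scopes it is not visible in this rendering (the two bare `+` lines around it appear to have lost their content). I would add a comment above it such as `# Firefox applies style-src to styles inside SVG documents, so .svg responses need 'unsafe-inline'; keep default-src 'none' so those styles cannot fetch anything`. Because `Header set` replaces an earlier value of the same header, it is worth confirming that the enclosing match covers only `.svg` files; if it were broader, the site-wide `default-src 'self'` policy would be replaced on those responses as well. The surrounding vhost block starts and ends outside the hunk.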