michael, Re #Mastodon 4.1.3: The release notes recommend:
“The recommended configuration for reverse proxies has been updated. [...] The change is about setting
Content-Security-Policy: default-src 'none'; form-action 'none'
andX-Content-Type-Options: nosniff
on assets.”This might be a bit confusing, because of the terminology:
Those two lines ought to to into the
location ~ ^/system/
block - NOTlocation ~ ^/assets/
https://github.com/mastodon/mastodon/pull/25756/commits/8060ab945392b2fa88d75a49a09a4c5895e72f71
Add comment