Festive Eugen @Gargron

If you're an instance admin please double-check the CSP headers you've set in nginx if you have any, because you might be bricking the embedding functionality.


@Gargron

is it okay if I re-boost this a couple more times later to get it visible again repeatedly? (presuming it doesn't, like, explode everywhere out of people trying to be helpful and spread it around and all)

@sydneyfalk Yes, you don't have to ask me for permission for that

@Gargron

just figured it'd be polite, wanted to be sure <3

^_^ trying to be helpful, not obnoxious, that's all

@Gargron On #Friendica we use a local proxy feature for OEmbed, so that it's on the same domain as the node.

Ex: friendica.mrpetovan.com/oembed

Where aHR0cHM6Ly90d2l0dGVyLmNvbS9ldmVyeWRheWxvdWllL3N0YXR1cy85Mzg4MDc1MzA1MTU0MTUwNDA= simply is the base64 encode of the target URL.

@Gargron i've been using this forever:

add_header Content-Security-Policy "style-src 'self' 'unsafe-inline'; script-src 'self'; object-src 'self'; img-src data: https:; media-src data: https:; connect-src 'self' wss://awoo.space; upgrade-insecure-requests";

@Gargron what shall we double-check them against?
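
One concrete thing to check a policy against, as an added example that is not part of the thread or Mastodon's own code: assuming embeds are loaded in an iframe on other sites, the CSP directive that decides whether they render is `frame-ancestors`, which does not fall back to `default-src`. The function names, the simplified source matching and the `instance.example` / `blog.example` origins are constructed for illustration.

```python
from urllib.parse import urlsplit

# Policy quoted in the thread above; the test origins used with it are constructed.
PAGE_POLICY = ("style-src 'self' 'unsafe-inline'; script-src 'self'; "
               "object-src 'self'; img-src data: https:; media-src data: https:; "
               "connect-src 'self' wss://awoo.space; upgrade-insecure-requests")

def parse_csp(header):
    """Split a CSP header value into {directive: [sources]}; first occurrence wins."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() not in policy:
            policy[tokens[0].lower()] = tokens[1:]
    return policy

def source_matches(source, origin, self_origin):
    """Simplified frame-ancestors source matching (ports and paths are ignored)."""
    o = urlsplit(origin)
    s = source.lower()
    if s == "'self'":
        return origin.lower() == self_origin.lower()
    if s == "*":
        return o.scheme in ("http", "https")
    if s.endswith(":") and "/" not in s:       # scheme-source such as https:
        return o.scheme == s[:-1]
    scheme, _, host = s.rpartition("://")      # host-source, scheme optional
    host = host.split("/")[0]
    if scheme and scheme != o.scheme:
        return False
    if host.startswith("*."):                  # wildcard subdomain
        return (o.hostname or "").endswith(host[1:])
    return (o.hostname or "") == host          # 'none' never matches a hostname

def framing_allowed(header, embedder_origin, self_origin):
    """True if this CSP lets a page on embedder_origin frame the response."""
    policy = parse_csp(header)
    if "frame-ancestors" not in policy:
        return True                            # no fallback to default-src
    return any(source_matches(s, embedder_origin, self_origin)
               for s in policy["frame-ancestors"])

if __name__ == "__main__":
    for csp in (PAGE_POLICY, "default-src 'none'; frame-ancestors 'self'"):
        ok = framing_allowed(csp, "https://blog.example", "https://instance.example")
        print("embed allowed" if ok else "embed blocked", "<-", csp[:45])
```

An `X-Frame-Options` header set in the same nginx block is a separate control over framing and needs the same review.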