Mercurial > prosody-modules
comparison mod_http_oauth2/README.markdown @ 5547:d4a2997deae9
mod_http_oauth2: Make CSP configurable
E.g. to enable forbidding all scripts if you don't use any scripts, or
allow scripts from your separate static content domain, etc.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sun, 11 Jun 2023 14:06:28 +0200 |
| parents | ae20da6d377d |
| children | d6ab6f0bd96e |
comparison
equal
deleted
inserted
replaced
| 5546:ae20da6d377d | 5547:d4a2997deae9 |
|---|---|
| 81 | 81 |
| 82 ```lua | 82 ```lua |
| 83 oauth2_template_style = { | 83 oauth2_template_style = { |
| 84 background_colour = "#ffffff"; | 84 background_colour = "#ffffff"; |
| 85 } | 85 } |
| 86 ``` | |
| 87 | |
| 88 If you know what features your templates use use you can adjust the | |
| 89 `Content-Security-Policy` header to only allow what is needed: | |
| 90 | |
| 91 ```lua | |
| 92 oauth2_security_policy = "default-src 'self'" -- this is the default | |
| 86 ``` | 93 ``` |
| 87 | 94 |
| 88 ### Token parameters | 95 ### Token parameters |
| 89 | 96 |
| 90 The following options configure the lifetime of tokens issued by the module. | 97 The following options configure the lifetime of tokens issued by the module. |