From 1bfb7747d62f135a36fabdc31504cc8d0c55d0f7 Mon Sep 17 00:00:00 2001
From: NGUYEN DINH Quoc-Huy <quochuy@gmail.com>
Date: Thu, 4 Mar 2021 22:42:25 +1100
Subject: [PATCH] Fix permission for reddit
---
 config/default.json | 6 +++---
 docker-compose.dev.yml | 5 +++--
 docker-compose.localbuild.yml | 5 +++--
 docker-compose.prod.yml | 5 +++--
 docker-compose.staging.yml | 5 +++--
 5 files changed, 15 insertions(+), 11 deletions(-)
diff --git a/config/default.json b/config/default.json
index 0b6ad1c84..ecbc7dd74 100644
--- a/config/default.json
+++ b/config/default.json
@@ -4,16 +4,16 @@
 "helmet": {
 "directives": {
 "childSrc": "'self' 3speak.online emb.d.tube player.twitch.tv www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com",
- "connectSrc": "https://images.hive.blog 'self' hive.blog https://api.hive.blog api.blocktrades.us https://anyx.io https://hivesigner.com https://hivebuzz.me https://peakd.com https://api.deathwing.me",
+ "connectSrc": "https://images.hive.blog 'self' hive.blog https://api.hive.blog api.blocktrades.us https://anyx.io https://hivesigner.com https://hivebuzz.me https://peakd.com https://api.deathwing.me https://www.reddit.com",
 "defaultSrc": "tpc.googlesyndication.com 'self' img.3speakcontent.online emb.d.tube www.youtube.com staticxx.facebook.com player.vimeo.com *.streamrail.com",
- "fontSrc": "data: fonts.gstatic.com",
+ "fontSrc": "data: fonts.gstatic.com cdn.embedly.com",
 "frameAncestors": "'none'",
 "frameSrc": "'self' https:",
 "imgSrc": "* data:",
 "objectSrc": "'none'",
 "pluginTypes": "application/pdf",
 "scriptSrc": "'unsafe-inline' 'unsafe-eval' data: https: 'self' www.google-analytics.com connect.facebook.net",
- "styleSrc": "'self' 'unsafe-inline' fonts.googleapis.com platform.twitter.com embed.redditmedia.com",
+ "styleSrc": "'self' 'unsafe-inline' fonts.googleapis.com platform.twitter.com www.reddit.com cdn.embedly.com",
 "reportUri": "/api/v1/csp_violation"
 },
 "reportOnly": false,
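Review bot: The `styleSrc` and `fontSrc` additions are bare hosts (`www.reddit.com`, `cdn.embedly.com`), while the `connectSrc` addition in the same hunk is pinned as `https://www.reddit.com`. A host source without a scheme follows the scheme of the page that carries the policy, so on a deployment served over plain HTTP these two entries also permit cleartext stylesheet and font loads. I would write them as `https://www.reddit.com https://cdn.embedly.com` in both directives; the same values recur in the `SDC_HELMET_STYLESRC` and `SDC_HELMET_FONTSRC` lines of the four docker-compose hunks, including the dev file whose `connectSrc` lists `http://hiveblog.local`.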
diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml
index 976e4fa2f..fecd6e4a8 100644
--- a/docker-compose.dev.yml
+++ b/docker-compose.dev.yml
@@ -19,8 +19,9 @@ services:
 SDC_IMAGE_PROXY_PREFIX: https://images.hive.blog/
 SDC_UPLOAD_IMAGE_URL: https://images.hive.blog
- SDC_HELMET_CONNECTSRC: "'self' http://hiveblog.local https://api.hive.blog https://images.hive.blog"
- SDC_HELMET_STYLESRC: "'self' 'unsafe-inline' fonts.googleapis.com platform.twitter.com embed.redditmedia.com"
+ SDC_HELMET_CONNECTSRC: "'self' http://hiveblog.local https://api.hive.blog https://images.hive.blog https://www.reddit.com"
+ SDC_HELMET_STYLESRC: "'self' 'unsafe-inline' fonts.googleapis.com platform.twitter.com www.reddit.com cdn.embedly.com"
+ SDC_HELMET_FONTSRC: "data: fonts.gstatic.com cdn.embedly.com"
 volumes:
 - ./yarn.lock:/var/app/yarn.lock
 - ./package.json:/var/app/package.json
diff --git a/docker-compose.localbuild.yml b/docker-compose.localbuild.yml
index 181e65707..a620a6487 100644
--- a/docker-compose.localbuild.yml
+++ b/docker-compose.localbuild.yml
@@ -11,8 +11,9 @@ services:
 SDC_SITE_DOMAIN: hive.blog
 SDC_IMAGE_PROXY_PREFIX: https://images.hive.blog/
 SDC_UPLOAD_IMAGE_URL: https://images.hive.blog
- SDC_HELMET_CONNECTSRC: "'self' hive.blog https://hive.blog https://api.hive.blog https://anyx.io api.blocktrades.us https://images.hive.blog https://hivebuzz.me https://peakd.com"
- SDC_HELMET_STYLESRC: "'self' 'unsafe-inline' fonts.googleapis.com platform.twitter.com embed.redditmedia.com"
+ SDC_HELMET_CONNECTSRC: "'self' hive.blog https://hive.blog https://api.hive.blog https://anyx.io api.blocktrades.us https://images.hive.blog https://hivebuzz.me https://peakd.com https://www.reddit.com"
+ SDC_HELMET_STYLESRC: "'self' 'unsafe-inline' fonts.googleapis.com platform.twitter.com www.reddit.com cdn.embedly.com"
+ SDC_HELMET_FONTSRC: "data: fonts.gstatic.com cdn.embedly.com"
 WALLET_URL: https://wallet.hive.blog
 networks:
 - reverse-proxy
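Review bot: `SDC_HELMET_FONTSRC` in docker-compose.dev.yml is added with the same string that config/default.json now carries for `fontSrc`, so the policy for this directive lives in five places after this commit (the localbuild, prod and staging hunks add the identical line). Assuming these variables override the JSON defaults, which the diff does not show, a later tightening of `fontSrc` in default.json would have no effect in any of these environments. Either drop the override where it equals the default or add a comment above it such as `# keep in sync with helmet.directives.fontSrc in config/default.json`. The existing `connectSrc` lists already differ between files (only default.json has `https://api.deathwing.me`), which is the kind of drift this invites.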
diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml
index c1f0e901d..eabbcded2 100644
--- a/docker-compose.prod.yml
+++ b/docker-compose.prod.yml
@@ -30,8 +30,9 @@ services:
 SDC_IMAGE_PROXY_PREFIX: https://images.hive.blog/
 SDC_UPLOAD_IMAGE_URL: https://images.hive.blog
 SDC_ALT_API_ENDPOINTS: "https://api.hive.blog https://anyx.io https://api.openhive.network https://api.hivekings.com"
- SDC_HELMET_CONNECTSRC: "'self' hive.blog https://hive.blog https://images.hive.blog https://api.hive.blog https://anyx.io https://api.openhive.network https://api.hivekings.com https://hivebuzz.me https://peakd.com"
- SDC_HELMET_STYLESRC: "'self' 'unsafe-inline' fonts.googleapis.com platform.twitter.com embed.redditmedia.com"
+ SDC_HELMET_CONNECTSRC: "'self' hive.blog https://hive.blog https://images.hive.blog https://api.hive.blog https://anyx.io https://api.openhive.network https://api.hivekings.com https://hivebuzz.me https://peakd.com https://www.reddit.com"
+ SDC_HELMET_STYLESRC: "'self' 'unsafe-inline' fonts.googleapis.com platform.twitter.com www.reddit.com cdn.embedly.com"
+ SDC_HELMET_FONTSRC: "data: fonts.gstatic.com cdn.embedly.com"
 WALLET_URL: https://wallet.hive.blog
 networks:
 - reverse-proxy
diff --git a/docker-compose.staging.yml b/docker-compose.staging.yml
index 9ad7cdcc8..04cdeffea 100644
--- a/docker-compose.staging.yml
+++ b/docker-compose.staging.yml
@@ -13,8 +13,9 @@ services:
 SDC_SITE_DOMAIN: staging-blog.hive.io
 SDC_IMAGE_PROXY_PREFIX: https://images.hive.blog/
 SDC_UPLOAD_IMAGE_URL: https://images.hive.blog
- SDC_HELMET_CONNECTSRC: "'self' https://api.hive.blog https://staging.hive.blog https://images.hive.blog https://anyx.io https://api.openhive.network https://api.hivekings.com https://hivebuzz.me https://peakd.com"
- SDC_HELMET_STYLESRC: "'self' 'unsafe-inline' fonts.googleapis.com platform.twitter.com embed.redditmedia.com"
+ SDC_HELMET_CONNECTSRC: "'self' https://api.hive.blog https://staging.hive.blog https://images.hive.blog https://anyx.io https://api.openhive.network https://api.hivekings.com https://hivebuzz.me https://peakd.com https://www.reddit.com"
+ SDC_HELMET_STYLESRC: "'self' 'unsafe-inline' fonts.googleapis.com platform.twitter.com www.reddit.com cdn.embedly.com"
+ SDC_HELMET_FONTSRC: "data: fonts.gstatic.com cdn.embedly.com"
 WALLET_URL: https://wallet.hive.blog
 networks:
 - reverse-proxy
-- 
GitLab