GNU social JP
  • FAQ
  • Login
GNU social JPは日本のGNU socialサーバーです。
Usage/ToS/admin/test/Pleroma FE

  • Public

    • Public
    • Network
    • Groups
    • Featured
    • Popular
    • People

Conversation

Notices

  1. Embed this notice
    Oneesan succubus (lain@pleroma.soykaf.com)'s status on Friday, 26-May-2023 18:37:31 JST Oneesan succubus Oneesan succubus

    Just to be clear, if you run a pleroma server, it’s a very good idea to add this to your nginx config immediately:

    location ~ ^/(media|proxy) { add_header Content-Security-Policy "sandbox;";

    Most people will already not be vulnerable to this for a variety of reasons, but this will absolutely stop it.

    In conversation Friday, 26-May-2023 18:37:31 JST from pleroma.soykaf.com permalink
    • Embed this notice
      Oneesan succubus (lain@pleroma.soykaf.com)'s status on Friday, 26-May-2023 19:22:53 JST Oneesan succubus Oneesan succubus
      in reply to
      • Luca Sironi
      @luca one of them is enough, a server had their admin oauth tokens stolen using a rather elaborate attack.
      In conversation Friday, 26-May-2023 19:22:53 JST permalink
    • Embed this notice
      Luca Sironi (luca@sironi.tk)'s status on Friday, 26-May-2023 19:22:55 JST Luca Sironi Luca Sironi
      in reply to

      @lain both header ?

      like this ?

      add_header Content-Security-Policy “sandbox;”;

      add_header Content-Security-Policy “script-src ‘none’;”;

      can you please elaborate what is this attack you’re speaking of ?

      In conversation Friday, 26-May-2023 19:22:55 JST permalink

Feeds

  • Activity Streams
  • RSS 2.0
  • Atom
  • Help
  • About
  • FAQ
  • TOS
  • Privacy
  • Source
  • Version
  • Contact

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.