From f745e5d0826b2d7c4074ef260e84878fd73f7f8e Mon Sep 17 00:00:00 2001
From: Lars
Date: Fri, 8 May 2026 11:15:19 +0200
Subject: [PATCH] feat(nginx): add media location handling with Content-Security-Policy

- Implemented specific location blocks for `/media` and `/media/` to serve the React media library correctly.
- Added Content-Security-Policy headers to enhance security for media resources.
- Ensured proper handling of requests to prevent 404 errors on media reloads.
---
 frontend/nginx.conf | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/frontend/nginx.conf b/frontend/nginx.conf
index 2a0cc31..efe13dc 100644
--- a/frontend/nginx.conf
+++ b/frontend/nginx.conf
@@ -17,6 +17,17 @@ server {
 # bei multipart ggf. Summe mehrerer Dateien sein (Backend praxis: bis 1024 MB Admin).
 client_max_body_size 1024m;
+ # Medienbibliothek (React /media) — vor location ^~ /media/: sonst liefert ein Reload
+ # auf /media/ den FastAPI StaticFiles-Mount unter /media und der Browser zeigt {"detail":"Not Found"}.
+ location = /media {
+ add_header Content-Security-Policy "default-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https:; font-src 'self' data:; connect-src 'self'; media-src 'self' blob: data:; worker-src 'self' blob:; manifest-src 'self';" always;
+ try_files /index.html =404;
+ }
+ location = /media/ {
+ add_header Content-Security-Policy "default-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https:; font-src 'self' data:; connect-src 'self'; media-src 'self' blob: data:; worker-src 'self' blob:; manifest-src 'self';" always;
+ try_files /index.html =404;
+ }
+
 location ^~ /api/ {
 set $docker_backend_svc backend;
 proxy_pass http://$docker_backend_svc:8000$request_uri;
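Review bot: Both new `location =` blocks declare their own `add_header`, and nginx inherits `add_header` from the enclosing level only when a block defines none of its own. Any response headers set at `server` level would therefore stop being sent for `/media` and `/media/`; that part of the file is outside the hunk, but typical candidates are `X-Content-Type-Options` or cache headers for `index.html`. If the server block does set such headers, repeat them in both locations or move the shared set into a snippet that each location pulls in with `include`. The CSP string is also duplicated byte for byte; defining it once at server level in a variable (name illustrative), `set $spa_csp "<policy>";`, and writing `add_header Content-Security-Policy $spa_csp always;` in both blocks keeps the two from drifting apart. A one-line comment on why `img-src` permits any `https:` origin would help the next reviewer judge whether that breadth is intended.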