From d6fd323262c70fefde0695b0ce26e24000b2fdaa Mon Sep 17 00:00:00 2001
From: Jared Vititoe
Date: Tue, 30 Jun 2026 16:58:48 -0400
Subject: [PATCH] cinny: enable mozilla.org (OIDC/next-gen-auth homeserver)
Now that the client supports MSC3861 OIDC login, add mozilla.org to the homeserverList and its origins to the CSP. mozilla delegates: homeserver -> mozilla.modular.im, OIDC issuer -> chat.mozilla.org, identity -> vector.im.
- connect-src += mozilla.org mozilla.modular.im chat.mozilla.org vector.im
- img-src += mozilla.org mozilla.modular.im
Applied live to LXC 106 and synced here.
Co-Authored-By: Claude Opus 4.8
---
 cinny/config.json | 3 ++-
 cinny/nginx.conf | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/cinny/config.json b/cinny/config.json
index 0d4c0df..5842ecb 100644
--- a/cinny/config.json
+++ b/cinny/config.json
@@ -2,7 +2,8 @@
 "defaultHomeserver": 0,
 "homeserverList": [
 "matrix.lotusguild.org",
- "matrix.org"
+ "matrix.org",
+ "mozilla.org"
 ],
 "allowCustomHomeservers": false,
 "featuredCommunities": {
diff --git a/cinny/nginx.conf b/cinny/nginx.conf
index 19ac7c6..77df5a4 100644
--- a/cinny/nginx.conf
+++ b/cinny/nginx.conf
@@ -39,7 +39,7 @@ server { } # Content Security Policy - add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: blob: https://matrix.lotusguild.org https://matrix.org https://*.matrix.org https://drive.lotusguild.org https://media.giphy.com https://media0.giphy.com https://media1.giphy.com https://media2.giphy.com https://media3.giphy.com https://media4.giphy.com https://www.openstreetmap.org https://tile.openstreetmap.org https://api.qrserver.com; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://matrix.lotusguild.org wss://matrix.lotusguild.org https://matrix.org https://*.matrix.org https://api.giphy.com https://*.giphy.com wss:; media-src 'self' https: blob:; frame-src 'self' https://www.openstreetmap.org; worker-src 'self' blob:; object-src 'none'; frame-ancestors 'none'; base-uri 'self'; form-action 'self';" always; + add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: blob: https://matrix.lotusguild.org https://matrix.org https://*.matrix.org https://mozilla.org https://mozilla.modular.im https://drive.lotusguild.org https://media.giphy.com https://media0.giphy.com https://media1.giphy.com https://media2.giphy.com https://media3.giphy.com https://media4.giphy.com https://www.openstreetmap.org https://tile.openstreetmap.org https://api.qrserver.com; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://matrix.lotusguild.org wss://matrix.lotusguild.org https://matrix.org https://*.matrix.org https://mozilla.org https://mozilla.modular.im https://chat.mozilla.org https://vector.im https://api.giphy.com https://*.giphy.com wss:; media-src 'self' https: blob:; frame-src 'self' https://www.openstreetmap.org; worker-src 'self' blob:; 
object-src 'none'; frame-ancestors 'none'; base-uri 'self'; form-action 'self';" always; # Service worker must never be cached so updates are picked up immediately location = /sw.js {
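Review bot: The four origins added to `connect-src` and the two added to `img-src` carry no record in nginx.conf of why each is present, since the delegation mapping lives only in the commit message; a comment above the `add_header`, such as `# mozilla.org: homeserver mozilla.modular.im, OIDC issuer chat.mozilla.org, identity server vector.im`, would let a later reviewer prune them if mozilla.org leaves `homeserverList`. `https://mozilla.org` in `img-src` looks broader than needed if media is served only by the delegated homeserver, and `https://vector.im` is only required if identity-server lookups are actually used, so both are worth confirming against what the client requests, for example with a `Content-Security-Policy-Report-Only` trial. The unchanged bare `wss:` in `connect-src` already permits WebSocket connections to any host, so this allow-list is not the effective boundary for that channel. The enclosing `server` block starts and ends outside the hunk.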