Hello,
I use Mastodon with a Cloud Storage using a Minio server (as a gateway with OSS, the S3 from Alibaba Cloud).
I set an alias files.mydomain.tld
The image can be display in my browser by using directly the URL with files.mydomain.tld/…/image.png
But they can’t be display in the mastodon frontend.
My mastodon website is in https, but my alias can’t have https for now, so I would like to authorize simple http on it for now.
My browser display a message about the Content-Security-Policy blocking the assets, I find it was defined into live/config/initializers/content_security_policy.rb
But I don’t know how to override “Rails.configuration.action_controller.asset_host” content with my asset URL if it’s possible without editing the code. (I try to edit it after doing a backup, but after rebuild assets/… it didn’t seems to be applied as I expected…)
(The files are correctly uploaded to OSS, and the links used are valids to be display, I’m only blocked by the CSR here…)
How can I fix this?
edit:
For now, it works by adding another url after the assets_url into the content_security_policy.rb , but I don’t know if it’s easily maintainable, also, I tried CDN_HOST env variable too, but even if it change the CSP, others stuffs breaks…