From 5ba65d3e84436d18f6fb7a2cc8a5d434b0dca7c0 Mon Sep 17 00:00:00 2001
From: Peter Havekes <peter@havekes.eu>
Date: Wed, 25 Oct 2023 14:40:25 +0200
Subject: [PATCH] Allow csp connecting to oidcng .well-known

---
 group_vars/all.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/group_vars/all.yml b/group_vars/all.yml
index 1398d229c..8f48e4908 100644
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -36,7 +36,7 @@ httpd_csp:
   lenient_with_static_img_with_oidcng: "default-src; object-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self'; connect-src 'self' {{ oidcng_vhost }}; img-src 'self' {{ static_vhost }} data:; form-action 'self'; base-uri 'none'"
   strict: "default-src; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; connect-src 'self'; img-src 'self' data:; form-action 'self'; base-uri 'none'"
   strict_with_static_img: "default-src; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; connect-src 'self'; img-src 'self' {{ static_vhost }} data:; form-action 'self'; base-uri 'none'"
-  lenient_with_static_img_for_idp: "default-src; object-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self'; connect-src 'self'; img-src 'self' {{ static_vhost }} data:; form-action 'self' *.{{ base_domain }}; base-uri 'none'"
+  lenient_with_static_img_for_idp: "default-src; object-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self'; connect-src 'self' {{ oidcng_vhost }}; img-src 'self' {{ static_vhost }} data:; form-action 'self' *.{{ base_domain }}; base-uri 'none'"
 
   nothing: "default-src 'none'; frame-ancestors 'none'; form-action 'none'; base-uri 'none'"