From 8af2f8cf707bf6e4170242338d70cbb738d0d353 Mon Sep 17 00:00:00 2001
From: James Blair
Date: Tue, 2 Aug 2022 13:12:55 +1200
Subject: [PATCH] Fix jellyfin content security policy for chromecast.

---
 jellyfin/Chart.yaml | 2 +-
 jellyfin/values.yaml | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/jellyfin/Chart.yaml b/jellyfin/Chart.yaml
index 60d111d..22604d7 100644
--- a/jellyfin/Chart.yaml
+++ b/jellyfin/Chart.yaml
@@ -2,5 +2,5 @@ apiVersion: v2
 name: jellyfin
 description: A helm chart for deploying the jellyfin media server on kubernetes.
 type: application
-version: 0.1.3
+version: 0.1.4
 appVersion: "10.8.1-amd64"
diff --git a/jellyfin/values.yaml b/jellyfin/values.yaml
index 5097d09..da9de4c 100644
--- a/jellyfin/values.yaml
+++ b/jellyfin/values.yaml
@@ -21,13 +21,13 @@ ingress:
 nginx.ingress.kubernetes.io/proxy-body-size: 10G
 cert-manager.io/cluster-issuer: "letsencrypt-prod"
 nginx.ingress.kubernetes.io/configuration-snippet: |
- more_clear_headers "X-Powered-By"
+ more_clear_headers "X-Powered-By";
 more_set_headers "X-XSS-Protection: 1";
 more_set_headers "X-Frame-Options: SAMEORIGIN";
 more_set_headers "X-Content-Type-Options: nosniff";
 more_set_headers "Referrer-Policy: strict-origin-when-cross-origin";
 more_set_headers "Permissions-Policy: geolocation=(none);midi=(self);notifications=(self);push=(self);sync-xhr=();microphone=(none);camera=(none);magnetometer=(none);gyroscope=(none);speaker=(self);vibrate=(self);fullscreen=(self);payment=(none);";
- more_set_headers "Content-Security-Policy: base-uri 'none'; connect-src 'self'; default-src 'none'; font-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src 'self'; img-src 'self'; media-src 'self' data:; object-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'";
+ more_set_headers "Content-Security-Policy: base-uri 'none'; manifest-src 'self'; connect-src 'self' wss: ws: https://mb3admin.com; font-src 'self' data: ; form-action 'self'; frame-ancestors 'self'; worker-src 'self' blob:; frame-src 'self'; img-src data: https: http:; media-src 'self' blob: data:; object-src 'none'; script-src 'self' https://www.gstatic.com; style-src 'self' 'unsafe-inline'";
 path: /
 hosts:
 - jellyfin.jamma.dev
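Review bot: The new Content-Security-Policy value drops `default-src 'none'`, so any fetch directive the header does not name is no longer restricted and the policy fails open instead of closed. Since the sources the change needs appear to be listed explicitly already, keeping `default-src 'none';` at the front should not affect Chromecast. In the same line, `connect-src` permits bare `ws:` and `wss:` and `img-src` permits `https:` and `http:`, each of which matches every host and so leaves an outbound channel open to any script that does get injected. Consider pinning the WebSocket source to the site's own host (`wss://jellyfin.jamma.dev`) and dropping `http:` from `img-src` if remote artwork is always fetched over TLS. A YAML comment above the annotation noting which sources exist only for Chromecast (`https://www.gstatic.com`, `blob:`) would let a later edit tighten the header without guessing.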