Hi - wow, how time flies. Been meaning to get back to update this, but âŠ
First - I would not recommend using this app. It does not appear to be being maintained - both nextcloud and PicoCMS have been updated since this was released.
I did fork the project, but have not had time to do anything other than change the version numbers and try to understand composer
Anyway - Content Security Policies.
I am running Nextcloud on a cloud.domain.name subdomain. I also have jQuery in my theme/scripts directory. These policies allow fonts and style sheets from google, and local files to be loaded.
To add the content security policies, you need to edit the Apache configuration file (or probably the htaccess file). With my setup, I have the following in the /etc/httpd/conf.d/virtualhosts.conf
file:
`
<VirtualHost *:443>
DocumentRoot "/usr/share/nextcloud"
ServerName cloud.domain.name
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains; preload"
Header always set Content-Security-Policy "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'unsafe-eval' 'unsafe-inline' 'self';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/;img-src 'self' data: blob: *;font-src 'self' https://fonts.gstatic.com;connect-src 'self';media-src 'self';frame-src www.youtube.com prezi.com player.vimeo.com vine.co 'self';child-src 'self';"
Header set Referrer-Policy "no-referrer"
</IfModule>
etc
You might notice I am using nethserver. To do this in nethserver, create and edit /etc/e-smith/templates-custom/httpd/vhost-extra/10headers
and enter
{
my $nextcloudheaders = << "EOF";
<IfModule mod_headers\.c>Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains; preload"
Header always set Content-Security-Policy "default-src 'none';base-uri 'none';manifest-src 'self';script-src 'unsafe-eval' 'unsafe-inline' 'self';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/;img-src 'self' data: blob: *;font-src 'self' https://fonts.gstatic.com;connect-src 'self';media-src 'self';frame-src www.youtube.com prezi.com player.vimeo.com vine.co 'self';child-src 'self';"
Header set Referrer-Policy "no-referrer"
</IfModule>
EOF
$OUT .= $nextcloudheaders if ($VhostName eq 'cloud');
}
Templates and themes
The easiest way to get these running is as follows. My Nextcloud installation is at /usr/share/nextcloud/
, and my Nextcloud data directory is at /var/lib/nethserver/nextcloud/data/
The easiest way to get it all working is to make a system link from the cms_pico directory in the nextcloud apps directory to the cms_pico directory in the nextcloud appdata directory. eg:
cd /usr/share/nextcloud/apps/cms_pico/
rm Pico
ln -s /var/lib/nethserver/nextcloud/data/appdata_abcdefghi/cms_pico/ Pico
This seems to be working for me so far
I might try to update the pico files to the latest Picocms version, or I might just install Pico in another virtual host. Or use Grav.
Hope this helps.