salt-fr: Content-Security-Policy.

2023-03-23 11:15:33 +01:00 · 2023-03-23 11:15:33 +01:00 · 7589df21b3
parent 0a6cd8910d
commit 7589df21b3
2 changed files with 5 additions and 2 deletions
--- a/afpy.org.yml
+++ b/afpy.org.yml
@ -224,6 +224,9 @@
        nginx_domain: salt-fr.afpy.org
        nginx_certificates: [salt-fr.afpy.org]
        nginx_public_deploy_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHVrME7+AYhM4n6opE5gVJbWsZHLETucV2wV+kDvnLk3"
+        nginx_extra: |
+          add_header Content-Security-Policy "default-src 'none'; font-src https://cdnjs.cloudflare.com; img-src 'self' https://www.gravatar.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; script-src 'self' https://cdnjs.cloudflare.com; frame-ancestors 'self'";
+          add_header X-Content-Type-Options "nosniff";

    - name: Setup nantes.afpy.org
      include_role: name=nginx
--- a/roles/nginx/defaults/main.yml
+++ b/roles/nginx/defaults/main.yml
@ -1,7 +1,7 @@
 ---

 certbot_authenticator: gandi
-
+nginx_extra: ''
 nginx_conf: |
  server
  {
@ -17,7 +17,7 @@ nginx_conf: |
      charset utf-8;
      server_name {{ nginx_domain }};
      include snippets/letsencrypt-{{ nginx_domain }}.conf;
-
      root {{ nginx_path }};
      index index.html;
+      {{ nginx_extra }}
  }