From f533098276b258f0667a9fa29b79a052d05072b5 Mon Sep 17 00:00:00 2001
From: vchikalkin
Date: Sat, 27 Apr 2024 14:02:58 +0300
Subject: [PATCH] nginx.auth.conf: add csp header to /login
---
 config/include/csp-header.conf | 1 +
 config/nginx.auth.conf | 5 +++--
 config/nginx.off.conf | 2 +-
 3 files changed, 5 insertions(+), 3 deletions(-)
 create mode 100644 config/include/csp-header.conf
diff --git a/config/include/csp-header.conf b/config/include/csp-header.conf
new file mode 100644
index 0000000..bf9121c
--- /dev/null
+++ b/config/include/csp-header.conf
@@ -0,0 +1 @@
+ add_header Content-Security-Policy "$CSP_UPGRADE_INSECURE_REQUESTS $CSP_DEFAULT_SRC $CSP_BASE_URI $CSP_CONNECT_SRC $CSP_WORKER_SRC $CSP_FONT_SRC $CSP_SCRIPT_SRC $CSP_STYLE_SRC $CSP_OBJECT_SRC $CSP_FRAME_ANCESTORS";
diff --git a/config/nginx.auth.conf b/config/nginx.auth.conf
index ec9b102..aba8315 100644
--- a/config/nginx.auth.conf
+++ b/config/nginx.auth.conf
@@ -40,6 +40,8 @@ server {
 location /login {
 proxy_pass $login_proxy;
+
+ include /etc/nginx/include/csp-header.conf;
 }
 location ~ ^/(logout|get-user)$ {
@@ -56,8 +58,7 @@ server {
 proxy_cache_bypass $http_upgrade;
 include /etc/nginx/include/auth.conf;
-
- add_header Content-Security-Policy "$CSP_UPGRADE_INSECURE_REQUESTS $CSP_DEFAULT_SRC $CSP_BASE_URI $CSP_CONNECT_SRC $CSP_WORKER_SRC $CSP_FONT_SRC $CSP_SCRIPT_SRC $CSP_STYLE_SRC $CSP_OBJECT_SRC $CSP_FRAME_ANCESTORS";
+ include /etc/nginx/include/csp-header.conf;
 }
 location = /health {
diff --git a/config/nginx.off.conf b/config/nginx.off.conf
index ab6edc0..136b3cc 100644
--- a/config/nginx.off.conf
+++ b/config/nginx.off.conf
@@ -19,7 +19,7 @@ server {
 proxy_set_header Host $host;
 proxy_cache_bypass $http_upgrade;
- add_header Content-Security-Policy "$CSP_UPGRADE_INSECURE_REQUESTS $CSP_DEFAULT_SRC $CSP_BASE_URI $CSP_CONNECT_SRC $CSP_WORKER_SRC $CSP_FONT_SRC $CSP_SCRIPT_SRC $CSP_STYLE_SRC $CSP_OBJECT_SRC $CSP_FRAME_ANCESTORS";
+ include /etc/nginx/include/csp-header.conf;
 }
 location = /health {
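Review bot: The `add_header` in the new config/include/csp-header.conf has no `always` parameter, so nginx attaches the policy only to the 2xx/3xx status codes on its documented list. An error page proxied through `/login`, or through either of the other two locations that now include this file, is served with no Content-Security-Policy at all. Since the commit's purpose is to cover the login page, consider ending the directive with `$CSP_FRAME_ANCESTORS" always;`. The `$CSP_*` names look like placeholders filled in before nginx starts; a one-line comment at the top of this file saying where they are set, such as `# CSP_* values are substituted from <where they are defined>`, would help the next reader.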
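Review bot: In config/nginx.auth.conf, the include added inside `location /login` places an `add_header` at location level, and nginx inherits `add_header` directives from the enclosing level only when the current level defines none. If the `server` block, which starts outside this hunk, sets other response headers such as HSTS or `X-Content-Type-Options`, `/login` stops sending them after this change; they would need repeating in this location or moving into the shared include. Separately, `$login_proxy` appears to be a different upstream from the one this policy was written for. If that service already emits its own `Content-Security-Policy`, the browser enforces both policies together, so verify the login page under the combined policy or add `proxy_hide_header Content-Security-Policy;` next to the include.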