nginx.auth.conf: add csp header to /login

2024-04-27 14:02:58 +03:00 · 2024-04-27 14:02:58 +03:00 · f533098276
commit f533098276
parent 1406a95ed0
3 changed files with 5 additions and 3 deletions
--- a/config/include/csp-header.conf
+++ b/config/include/csp-header.conf
@ -0,0 +1 @@
+ add_header Content-Security-Policy "$CSP_UPGRADE_INSECURE_REQUESTS $CSP_DEFAULT_SRC $CSP_BASE_URI $CSP_CONNECT_SRC $CSP_WORKER_SRC $CSP_FONT_SRC $CSP_SCRIPT_SRC $CSP_STYLE_SRC $CSP_OBJECT_SRC $CSP_FRAME_ANCESTORS";
--- a/config/nginx.auth.conf
+++ b/config/nginx.auth.conf
@ -40,6 +40,8 @@ server {

    location /login {
        proxy_pass               $login_proxy;
+
+        include                  /etc/nginx/include/csp-header.conf;
    }

    location ~ ^/(logout|get-user)$ {
@ -56,8 +58,7 @@ server {
        proxy_cache_bypass       $http_upgrade;

        include                  /etc/nginx/include/auth.conf;
-
-        add_header               Content-Security-Policy "$CSP_UPGRADE_INSECURE_REQUESTS $CSP_DEFAULT_SRC $CSP_BASE_URI $CSP_CONNECT_SRC $CSP_WORKER_SRC $CSP_FONT_SRC $CSP_SCRIPT_SRC $CSP_STYLE_SRC $CSP_OBJECT_SRC $CSP_FRAME_ANCESTORS";
+        include                  /etc/nginx/include/csp-header.conf;
    }

    location = /health {
--- a/config/nginx.off.conf
+++ b/config/nginx.off.conf
@ -19,7 +19,7 @@ server {
        proxy_set_header    Host $host;
        proxy_cache_bypass  $http_upgrade;

-        add_header          Content-Security-Policy "$CSP_UPGRADE_INSECURE_REQUESTS $CSP_DEFAULT_SRC $CSP_BASE_URI $CSP_CONNECT_SRC $CSP_WORKER_SRC $CSP_FONT_SRC $CSP_SCRIPT_SRC $CSP_STYLE_SRC $CSP_OBJECT_SRC $CSP_FRAME_ANCESTORS";
+        include             /etc/nginx/include/csp-header.conf;
    }

    location = /health {
				`@ -0,0 +1 @@`
				`add_header Content-Security-Policy "$CSP_UPGRADE_INSECURE_REQUESTS $CSP_DEFAULT_SRC $CSP_BASE_URI $CSP_CONNECT_SRC $CSP_WORKER_SRC $CSP_FONT_SRC $CSP_SCRIPT_SRC $CSP_STYLE_SRC $CSP_OBJECT_SRC $CSP_FRAME_ANCESTORS";`