PS-743 add csp frame-src and frame-ancestors (#501)
4rthem authored Dec 10, 2024
1 parent bb8482a commit ea87372
Showing 3 changed files with 11 additions and 2 deletions.
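--- /dev/null
+++ b/dashboard/client/docker/entrypoint.d/02-frame-ancestro-csp.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+COMPLETE_FILE="/etc/nginx/tpl/frame-ancestors.ok"
+if [ -d "$(dirname "${COMPLETE_FILE}")" ]; then
+if [ ! -f "${COMPLETE_FILE}" ]; then
+touch "${COMPLETE_FILE}"
+sed -i "s/frame-ancestors 'self'/frame-ancestors 'self' https:/" /etc/nginx/tpl/default.conf
+fi
+fi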
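Review bot: The `https:` scheme source that the `sed` line appends lets any HTTPS origin frame the dashboard client, so after this script runs the page has effectively no clickjacking protection — `frame-ancestors 'self' https:` is barely stricter than omitting the directive, while the two nginx templates in this same commit tighten the directive to `'self'`. If specific third-party hosts need to embed the client, take them from an explicit per-deployment list instead, e.g. `sed -i "s#frame-ancestors 'self'#frame-ancestors 'self' ${FRAME_ANCESTORS_EXTRA:-}#" /etc/nginx/tpl/default.conf`, so each environment names the origins it trusts. Independently, `touch "${COMPLETE_FILE}"` runs before the `sed`, so a failed rewrite still leaves the marker behind and is never retried; reorder to `sed -i … /etc/nginx/tpl/default.conf && touch "${COMPLETE_FILE}"`. A header comment stating why the client must be frameable by arbitrary HTTPS sites would also help, since nothing in the commit explains the widening.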
2 changes: 1 addition & 1 deletion expose/api/docker/nginx/tpl/default.conf
Expand Up @@ -9,7 +9,7 @@ server {

add_header X-Robots-Tag "noindex, nofollow";
add_header X-Content-Type-Options "nosniff";
add_header Content-Security-Policy "frame-ancestors 'self' ${DASHBOARD_CLIENT_URL}";
add_header Content-Security-Policy "frame-src 'self' ${DASHBOARD_CLIENT_URL}; frame-ancestors 'self'";
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

client_max_body_size $UPLOAD_MAX_FILE_SIZE;
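Review bot: The rewritten `add_header Content-Security-Policy` line has no `always` parameter, so nginx attaches it only to 2xx/3xx responses; 4xx/5xx pages from this server (login failures, not-found, upstream errors) go out without frame-ancestors and remain frameable. Since the line is being changed anyway, make it `add_header Content-Security-Policy "frame-src 'self' ${DASHBOARD_CLIENT_URL}; frame-ancestors 'self'" always;`, and consider the same for the Strict-Transport-Security line next to it. Note too that this change drops `${DASHBOARD_CLIENT_URL}` from frame-ancestors, so the dashboard can no longer embed pages served by this block — if that embedding is still used anywhere, the browser will now block it silently. The enclosing `server {` block begins before and continues after this hunk, and any `add_header` in a nested location would suppress these server-level headers for that location.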
2 changes: 1 addition & 1 deletion infra/docker/nginx-client-base/tpl/default.conf
Expand Up @@ -3,7 +3,7 @@ server {

add_header X-Robots-Tag "noindex, nofollow";
add_header X-Content-Type-Options "nosniff";
add_header Content-Security-Policy "frame-ancestors 'self' ${DASHBOARD_CLIENT_URL}";
add_header Content-Security-Policy "frame-src 'self' ${DASHBOARD_CLIENT_URL}; frame-ancestors 'self'";
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

root /var/app;
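Review bot: The `frame-ancestors 'self'` written here is not necessarily what a container built on this base ends up serving: the entrypoint script added in this same commit rewrites exactly that string to `frame-ancestors 'self' https:` at start-up when it finds /etc/nginx/tpl/default.conf, so the tightened value only holds for images that do not run that script. A comment on the line would keep the next reader from taking the template value as final, e.g. `# NOTE: dashboard/client entrypoint 02-frame-ancestro-csp.sh may widen frame-ancestors to 'self' https: at container start`. Separately, `add_header` is missing the `always` parameter, so 4xx/5xx responses are sent without the CSP, and nginx only inherits these server-level headers into a `location` that defines no `add_header` of its own; the `server {` block continues beyond the hunk, so any such location silently loses the policy.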
