Update CSP headers

author: Patrick Spek <p.spek@tyil.nl> 2024-02-04 10:33:01 +0100
committer: Patrick Spek <p.spek@tyil.nl> 2024-02-04 10:33:01 +0100
commit: 12277a8498a3869d64b9230153965a0970319b81 (patch)
tree: 3c907464831a37395efb1aa73780e27d674924a3 /data.d
parent: 0755683758baa10f516e20c4c82dcca21a85e71c (diff)
3 files changed, 32 insertions, 3 deletions
diff --git a/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-argo.yaml b/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-argo.yaml
index c19e4f6..f88167f 100644
--- a/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-argo.yaml
+++ b/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-argo.yaml
@@ -8,5 +8,17 @@ spec:
   headers:
     stsPreload: true
     forceSTSHeader: true
-    contentSecurityPolicy: "default-src 'self' 'unsafe-eval' 'unsafe-inline'; img-src 'self' data:; worker-src *"
+    contentSecurityPolicy: >-
+      default-src
+        'self'
+        'unsafe-eval'
+        'unsafe-inline'
+        ;
+      img-src
+        'self'
+        data:
+        ;
+      worker-src
+        *
+        ;
 ...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-keycloak.yaml b/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-keycloak.yaml
index d8e4001..8619e15 100644
--- a/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-keycloak.yaml
+++ b/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-keycloak.yaml
@@ -8,5 +8,11 @@ spec:
   headers:
     stsPreload: true
     forceSTSHeader: true
-    contentSecurityPolicy: "default-src 'self'; style-src 'unsafe-inline'"
+    contentSecurityPolicy: >-
+      default-src
+        'self'
+        ;
+      style-src
+        'unsafe-inline'
+        ;
 ...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-nextcloud.yaml b/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-nextcloud.yaml
index e3b4179..f013ab2 100644
--- a/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-nextcloud.yaml
+++ b/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-nextcloud.yaml
@@ -8,5 +8,16 @@ spec:
   headers:
     stsPreload: true
     forceSTSHeader: true
-    contentSecurityPolicy: "default-src 'self' data: 'unsafe-inline';"
+    contentSecurityPolicy: >-
+      default-src
+        'self'
+        data:
+        'unsafe-inline'
+        ;
+      img-src
+        'self'
+        data:
+        *.tile.openstreetmap.org
+        nominatim.openstreetmap.org
+        ;
 ...
author	Patrick Spek <p.spek@tyil.nl>	2024-02-04 10:33:01 +0100
committer	Patrick Spek <p.spek@tyil.nl>	2024-02-04 10:33:01 +0100
commit	12277a8498a3869d64b9230153965a0970319b81 (patch)
tree	3c907464831a37395efb1aa73780e27d674924a3 /data.d
parent	0755683758baa10f516e20c4c82dcca21a85e71c (diff)