From 12277a8498a3869d64b9230153965a0970319b81 Mon Sep 17 00:00:00 2001
From: Patrick Spek
Date: Sun, 4 Feb 2024 10:33:01 +0100
Subject: Update CSP headers
---
.../kube-system/treafik/middleware-headers-argo.yaml | 14 +++++++++++++-
.../kube-system/treafik/middleware-headers-keycloak.yaml | 8 +++++++-
.../kube-system/treafik/middleware-headers-nextcloud.yaml | 13 ++++++++++++-
3 files changed, 32 insertions(+), 3 deletions(-)
diff --git a/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-argo.yaml b/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-argo.yaml
index c19e4f6..f88167f 100644
--- a/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-argo.yaml
+++ b/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-argo.yaml
@@ -8,5 +8,17 @@ spec:
headers:
stsPreload: true
forceSTSHeader: true
- contentSecurityPolicy: "default-src 'self' 'unsafe-eval' 'unsafe-inline'; img-src 'self' data:; worker-src *"
+ contentSecurityPolicy: >-
+ default-src
+ 'self'
+ 'unsafe-eval'
+ 'unsafe-inline'
+ ;
+ img-src
+ 'self'
+ data:
+ ;
+ worker-src
+ *
+ ;
...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-keycloak.yaml b/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-keycloak.yaml
index d8e4001..8619e15 100644
--- a/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-keycloak.yaml
+++ b/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-keycloak.yaml
@@ -8,5 +8,11 @@ spec:
headers:
stsPreload: true
forceSTSHeader: true
- contentSecurityPolicy: "default-src 'self'; style-src 'unsafe-inline'"
+ contentSecurityPolicy: >-
+ default-src
+ 'self'
+ ;
+ style-src
+ 'unsafe-inline'
+ ;
...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-nextcloud.yaml b/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-nextcloud.yaml
index e3b4179..f013ab2 100644
--- a/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-nextcloud.yaml
+++ b/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-nextcloud.yaml
@@ -8,5 +8,16 @@ spec:
headers:
stsPreload: true
forceSTSHeader: true
- contentSecurityPolicy: "default-src 'self' data: 'unsafe-inline';"
+ contentSecurityPolicy: >-
+ default-src
+ 'self'
+ data:
+ 'unsafe-inline'
+ ;
+ img-src
+ 'self'
+ data:
+ *.tile.openstreetmap.org
+ nominatim.openstreetmap.org
+ ;
...
--
cgit v1.1