From 12277a8498a3869d64b9230153965a0970319b81 Mon Sep 17 00:00:00 2001
From: Patrick Spek <p.spek@tyil.nl>
Date: Sun, 4 Feb 2024 10:33:01 +0100
Subject: Update CSP headers

---
 .../kube-system/treafik/middleware-headers-argo.yaml       | 14 +++++++++++++-
 .../kube-system/treafik/middleware-headers-keycloak.yaml   |  8 +++++++-
 .../kube-system/treafik/middleware-headers-nextcloud.yaml  | 13 ++++++++++++-
 3 files changed, 32 insertions(+), 3 deletions(-)

(limited to 'data.d')

diff --git a/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-argo.yaml b/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-argo.yaml
index c19e4f6..f88167f 100644
--- a/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-argo.yaml
+++ b/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-argo.yaml
@@ -8,5 +8,17 @@ spec:
   headers:
     stsPreload: true
     forceSTSHeader: true
-    contentSecurityPolicy: "default-src 'self' 'unsafe-eval' 'unsafe-inline'; img-src 'self' data:; worker-src *"
+    contentSecurityPolicy: >-
+      default-src
+        'self'
+        'unsafe-eval'
+        'unsafe-inline'
+        ;
+      img-src
+        'self'
+        data:
+        ;
+      worker-src
+        *
+        ;
 ...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-keycloak.yaml b/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-keycloak.yaml
index d8e4001..8619e15 100644
--- a/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-keycloak.yaml
+++ b/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-keycloak.yaml
@@ -8,5 +8,11 @@ spec:
   headers:
     stsPreload: true
     forceSTSHeader: true
-    contentSecurityPolicy: "default-src 'self'; style-src 'unsafe-inline'"
+    contentSecurityPolicy: >-
+      default-src
+        'self'
+        ;
+      style-src
+        'unsafe-inline'
+        ;
 ...
diff --git a/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-nextcloud.yaml b/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-nextcloud.yaml
index e3b4179..f013ab2 100644
--- a/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-nextcloud.yaml
+++ b/data.d/k3s-master/manifests.d/tyilnet/kube-system/treafik/middleware-headers-nextcloud.yaml
@@ -8,5 +8,16 @@ spec:
   headers:
     stsPreload: true
     forceSTSHeader: true
-    contentSecurityPolicy: "default-src 'self' data: 'unsafe-inline';"
+    contentSecurityPolicy: >-
+      default-src
+        'self'
+        data:
+        'unsafe-inline'
+        ;
+      img-src
+        'self'
+        data:
+        *.tile.openstreetmap.org
+        nominatim.openstreetmap.org
+        ;
 ...
-- 
cgit v1.1