Elgato_dark/docs
1
0
Fork 0
mirror of https://github.com/suitenumerique/docs synced 2026-04-21 13:37:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 8

🔒️(nginx) manage Content-Security-Policy in nginx config

Browse source 
The media route is managed by nginx. On this route we want to add the
Content-Security-Header to forbid fetching any resources.
See : https://content-security-policy.com/
This commit is contained in:
Manuel Raynaud 2025-02-27 16:23:04 +01:00 committed by Anthony LC
parent a22bf95bce
commit 22a665e535
3 changed files with 5 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
docker/files/etc/nginx/conf.d/default.conf
View file

@ -68,6 +68,8 @@ server {
# Get resource from Minio
proxy_pass http://minio:9000/impress-media-storage/;
proxy_set_header Host minio:9000;
add_header Content-Security-Policy "default-src 'none'" always;
}
location /media-auth {

2
src/helm/impress/Chart.yaml
View file

@ -1,5 +1,5 @@
apiVersion: v2
type: application
name: docs
version: 2.2.0-beta.1
version: 2.2.0-beta.2
appVersion: latest

2
src/helm/impress/values.yaml
View file

@ -170,6 +170,8 @@ ingressMedia:
nginx.ingress.kubernetes.io/auth-url: https://impress.example.com/api/v1.0/documents/media-auth/
nginx.ingress.kubernetes.io/auth-response-headers: "Authorization, X-Amz-Date, X-Amz-Content-SHA256"
nginx.ingress.kubernetes.io/upstream-vhost: minio.impress.svc.cluster.local:9000
nginx.ingress.kubernetes.io/configuration-snippet: |
add_header Content-Security-Policy "default-src 'none'" always;
## @param serviceMedia.host
## @param serviceMedia.port