From 2b9a8008f4ad0aa8aa775a92550b5cf049d817af Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thorben=20G=C3=BCnther?=
Date: Fri, 15 Sep 2023 14:41:24 +0200
Subject: [PATCH] srht: Update CSP

---
 roles/srht/files/nginx/builds.conf | 2 +-
 roles/srht/files/nginx/git.conf | 2 +-
 roles/srht/files/nginx/hub.conf | 2 +-
 roles/srht/files/nginx/lists.conf | 2 +-
 roles/srht/files/nginx/man.conf | 2 +-
 roles/srht/files/nginx/meta.conf | 2 +-
 roles/srht/files/nginx/paste.conf | 2 +-
 roles/srht/files/nginx/todo.conf | 2 +-
 8 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/roles/srht/files/nginx/builds.conf b/roles/srht/files/nginx/builds.conf
index 5a7a215..f331f89 100644
--- a/roles/srht/files/nginx/builds.conf
+++ b/roles/srht/files/nginx/builds.conf
@@ -14,7 +14,7 @@ server {
 location / {
 proxy_pass http://127.0.0.1:5002;
- add_header Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; script-src 'self' 'unsafe-inline'" always;
+ add_header Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; script-src 'self' 'unsafe-inline'; frame-ancestors 'none'" always;
 include /etc/nginx/snippets/srht_web.conf;
 }
diff --git a/roles/srht/files/nginx/git.conf b/roles/srht/files/nginx/git.conf
index 11cd386..e193315 100644
--- a/roles/srht/files/nginx/git.conf
+++ b/roles/srht/files/nginx/git.conf
@@ -13,7 +13,7 @@ server {
 location / {
 proxy_pass http://127.0.0.1:5001;
- add_header Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; img-src * data:; script-src 'self' 'unsafe-inline'" always;
+ add_header Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; img-src * data:; script-src 'self' 'unsafe-inline'; frame-ancestors 'none'" always;
 include /etc/nginx/snippets/srht_web.conf;
 }
diff --git a/roles/srht/files/nginx/hub.conf b/roles/srht/files/nginx/hub.conf
index 668c532..918bcaa 100644
--- a/roles/srht/files/nginx/hub.conf
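Review bot: The new `frame-ancestors 'none'` directive is added to eight near-identical `add_header Content-Security-Policy` lines (builds, git, hub, lists, man, meta, paste, todo) with nothing in the file saying what it is for, so the next person trimming the policy has no hint that it is the anti-clickjacking control rather than a leftover. A one-line comment above the directive in each file would do, e.g. `# frame-ancestors 'none': refuse to be embedded in any frame (clickjacking defence; takes precedence over X-Frame-Options in CSP-aware browsers)`. Since every one of these blocks already includes `/etc/nginx/snippets/srht_web.conf`, it may be worth noting in that comment that the CSP deliberately stays per-service because the `img-src`/`script-src` lists differ between files. The enclosing `server {` block starts before each hunk.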
+++ b/roles/srht/files/nginx/hub.conf
@@ -11,7 +11,7 @@ server {
 location / {
 proxy_pass http://127.0.0.1:5014;
- add_header Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; img-src * data:; script-src 'self'" always;
+ add_header Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; img-src * data:; script-src 'self'; frame-ancestors 'none'" always;
 include /etc/nginx/snippets/srht_web.conf;
 }
diff --git a/roles/srht/files/nginx/lists.conf b/roles/srht/files/nginx/lists.conf
index b91aa5d..741181b 100644
--- a/roles/srht/files/nginx/lists.conf
+++ b/roles/srht/files/nginx/lists.conf
@@ -13,7 +13,7 @@ server {
 location / {
 proxy_pass http://127.0.0.1:5006;
- add_header Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; script-src 'self' 'unsafe-inline'";
+ add_header Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; script-src 'self' 'unsafe-inline'; frame-ancestors 'none'" always;
 include /etc/nginx/snippets/srht_web.conf;
 }
diff --git a/roles/srht/files/nginx/man.conf b/roles/srht/files/nginx/man.conf
index b2dab71..d259ccb 100644
--- a/roles/srht/files/nginx/man.conf
+++ b/roles/srht/files/nginx/man.conf
@@ -13,7 +13,7 @@ server {
 location / {
 proxy_pass http://127.0.0.1:5004;
- add_header Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; img-src * data:; script-src 'self'" always;
+ add_header Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; img-src * data:; script-src 'self'; frame-ancestors 'none'" always;
 include /etc/nginx/snippets/srht_web.conf;
 }
diff --git a/roles/srht/files/nginx/meta.conf b/roles/srht/files/nginx/meta.conf
index ee93c00..d8c7d6f 100644
--- a/roles/srht/files/nginx/meta.conf
+++ b/roles/srht/files/nginx/meta.conf
@@ -11,7 +11,7 @@ server {
 location / {
 proxy_pass http://127.0.0.1:5000;
- add_header Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; script-src 'self' 'unsafe-inline' *.stripe.com *.stripe.network; frame-src *.stripe.com *.stripe.network" always;
+ add_header Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; script-src 'self' 'unsafe-inline' *.stripe.com *.stripe.network; frame-src *.stripe.com *.stripe.network always; frame-ancestors 'none'" always;
 include /etc/nginx/snippets/srht_web.conf;
 }
diff --git a/roles/srht/files/nginx/paste.conf b/roles/srht/files/nginx/paste.conf
index 9ba00da..cec2f82 100644
--- a/roles/srht/files/nginx/paste.conf
+++ b/roles/srht/files/nginx/paste.conf
@@ -13,7 +13,7 @@ server {
 location / {
 proxy_pass http://127.0.0.1:5011;
- add_header Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; img-src * data:; script-src 'self' 'unsafe-inline'" always;
+ add_header Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; img-src * data:; script-src 'self' 'unsafe-inline'; frame-ancestors 'none'" always;
 include /etc/nginx/snippets/srht_web.conf;
 }
diff --git a/roles/srht/files/nginx/todo.conf b/roles/srht/files/nginx/todo.conf
index 32bbb45..7db8be6 100644
--- a/roles/srht/files/nginx/todo.conf
+++ b/roles/srht/files/nginx/todo.conf
@@ -13,7 +13,7 @@ server {
 location / {
 proxy_pass http://127.0.0.1:5003;
- add_header Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; img-src * data:; script-src 'self' 'unsafe-inline'" always;
+ add_header Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; img-src * data:; script-src 'self' 'unsafe-inline'; frame-ancestors 'none'" always;
 include /etc/nginx/snippets/srht_web.conf;
 }
-- 
2.44.0
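Review bot: The new meta.conf header value has the nginx `always` flag pasted inside the quoted policy, `frame-src *.stripe.com *.stripe.network always; frame-ancestors 'none'`, so the literal token `always` is sent to browsers as a host source of `frame-src` instead of acting as the directive flag; the real flag is already present after the closing quote. nginx accepts the string as-is, so `nginx -t` will not flag it; the policy only looks wrong when the served header is inspected (for example with a CSP evaluator or by reading the response headers). The line should read `add_header Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; script-src 'self' 'unsafe-inline' *.stripe.com *.stripe.network; frame-src *.stripe.com *.stripe.network; frame-ancestors 'none'" always;`. The other seven hunks in this commit do not have this problem. The enclosing `server {` block starts before the hunk.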