PS-743 Move from X-Frame-Options to Content-Security-Policy: frame-an…
…cestors (#498)
4rthem authored Dec 2, 2024
1 parent b092ac7 commit 36e3390
Showing 7 changed files with 8 additions and 5 deletions.
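--- a/expose/api/docker/nginx/entrypoint.sh
+++ b/expose/api/docker/nginx/entrypoint.sh
@@ -1,5 +1,5 @@
 #!/bin/sh
 
-envsubst '$UPLOAD_MAX_FILE_SIZE,$PS_SUBNET' < /etc/nginx/tpl/default.conf > /etc/nginx/conf.d/default.conf
+envsubst '${UPLOAD_MAX_FILE_SIZE},${PS_SUBNET},${DASHBOARD_CLIENT_URL}' < /etc/nginx/tpl/default.conf > /etc/nginx/conf.d/default.conf
 
 exec "$@"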
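Review bot: `${DASHBOARD_CLIENT_URL}` is written unvalidated into a double-quoted nginx directive by this envsubst call, so a value containing `"`, `;`, `$` or a newline would alter the generated config or the policy instead of just naming one origin. An empty or unset value silently produces `frame-ancestors 'self' `, which can hide a misconfigured deployment. Before the envsubst line I would add a check such as `case "$DASHBOARD_CLIENT_URL" in http://*|https://*) ;; *) echo "DASHBOARD_CLIENT_URL must be an http(s) origin" >&2; exit 1 ;; esac`, and also reject quotes and whitespace; if an empty value is meant to be allowed, make that case explicit. The same applies to the envsubst lines in infra/docker/nginx-client-base/entrypoint.sh and infra/docker/nginx-fpm-base/entrypoint.sh.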
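--- a/expose/api/docker/nginx/tpl/default.conf
+++ b/expose/api/docker/nginx/tpl/default.conf
@@ -9,7 +9,7 @@ server {
 
 add_header X-Robots-Tag "noindex, nofollow";
 add_header X-Content-Type-Options "nosniff";
-add_header X-Frame-Options "deny";
+add_header Content-Security-Policy "frame-ancestors 'self' ${DASHBOARD_CLIENT_URL}";
 add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
 
 client_max_body_size $UPLOAD_MAX_FILE_SIZE;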
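Review bot: The new `add_header Content-Security-Policy` line has no `always` parameter, so nginx omits the frame-ancestors policy on error responses and those pages carry no framing restriction; consider `add_header Content-Security-Policy "frame-ancestors 'self' ${DASHBOARD_CLIENT_URL}" always;`. Replacing `X-Frame-Options "deny"` with `'self'` also newly permits same-origin framing, and browsers that do not implement frame-ancestors lose framing protection, so both are worth confirming as intended. If any `location` block in this server declares its own `add_header`, the server-level headers are not inherited there; the server block continues outside the hunk, so this cannot be checked from here. The same applies to the two other default.conf templates changed in this commit.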
1 change: 1 addition & 0 deletions infra/docker/nginx-client-base/Dockerfile
Expand Up @@ -15,6 +15,7 @@ RUN apk update \

COPY entrypoint.sh /entrypoint.sh
COPY nginx/conf.d/* /etc/nginx/conf.d/
COPY tpl /etc/nginx/tpl

EXPOSE 80

2 changes: 2 additions & 0 deletions infra/docker/nginx-client-base/entrypoint.sh
Expand Up @@ -9,4 +9,6 @@ if [ -d /docker/entrypoint.d ]; then
unset i
fi

envsubst '${DASHBOARD_CLIENT_URL}' < /etc/nginx/tpl/default.conf > /etc/nginx/conf.d/default.conf

exec "$@"
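Review bot: The exit status of the added envsubst line is not checked, so if it fails the script still reaches `exec "$@"` and nginx starts with whatever is in /etc/nginx/conf.d, possibly a stale or truncated default.conf without the frame-ancestors header. The top of this script is outside the hunk, so `set -e` may already be active here; the two other entrypoint.sh files in this commit are shown whole and do not set it. I would make the failure explicit: `envsubst '${DASHBOARD_CLIENT_URL}' < /etc/nginx/tpl/default.conf > /etc/nginx/conf.d/default.conf || exit 1`.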
Expand Up @@ -3,7 +3,7 @@ server {

add_header X-Robots-Tag "noindex, nofollow";
add_header X-Content-Type-Options "nosniff";
add_header X-Frame-Options "deny";
add_header Content-Security-Policy "frame-ancestors 'self' ${DASHBOARD_CLIENT_URL}";
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

root /var/app;
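--- a/infra/docker/nginx-fpm-base/entrypoint.sh
+++ b/infra/docker/nginx-fpm-base/entrypoint.sh
@@ -1,5 +1,5 @@
 #!/bin/sh
 
-envsubst '${FPM_HOSTNAME} ${UPLOAD_MAX_FILE_SIZE}' < /etc/nginx/tpl/default.conf > /etc/nginx/conf.d/default.conf
+envsubst '${FPM_HOSTNAME},${UPLOAD_MAX_FILE_SIZE},${DASHBOARD_CLIENT_URL}' < /etc/nginx/tpl/default.conf > /etc/nginx/conf.d/default.conf
 
 exec "$@"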
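--- a/infra/docker/nginx-fpm-base/tpl/default.conf
+++ b/infra/docker/nginx-fpm-base/tpl/default.conf
@@ -7,7 +7,7 @@ server {
 
 add_header X-Robots-Tag "noindex, nofollow";
 add_header X-Content-Type-Options "nosniff";
-add_header X-Frame-Options "deny";
+add_header Content-Security-Policy "frame-ancestors 'self' ${DASHBOARD_CLIENT_URL}";
 add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
 
 location / {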
