From f9ca566a0787d40df2d627e1174f5bdcf5f4106e Mon Sep 17 00:00:00 2001
From: saltydk <salty@salty.dk>
Date: Wed, 4 Oct 2023 20:47:10 +0200
Subject: [PATCH] traefik: expand the dropsecurityheaders middleware

---
 roles/remote/tasks/main.yml            | 2 +-
 roles/traefik/templates/dynamic.yml.j2 | 7 +++++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/roles/remote/tasks/main.yml b/roles/remote/tasks/main.yml
index c7dbbdbdd7..bd5f8f3ee6 100644
--- a/roles/remote/tasks/main.yml
+++ b/roles/remote/tasks/main.yml
@@ -37,7 +37,7 @@
       register: saltbox_managed_containers
       ignore_errors: true
 
-    - name: "Set 'containers_list' variable"
+    - name: "Set 'containers_list' and 'remote_stopped_docker' variables"
       ansible.builtin.set_fact:
         containers_list: "{{ saltbox_managed_containers.stdout }}"
         remote_stopped_docker: true
diff --git a/roles/traefik/templates/dynamic.yml.j2 b/roles/traefik/templates/dynamic.yml.j2
index e468d7a58d..d4c3fd4569 100644
--- a/roles/traefik/templates/dynamic.yml.j2
+++ b/roles/traefik/templates/dynamic.yml.j2
@@ -29,11 +29,18 @@ http:
           X-Forwarded-Proto: https
     dropsecurityheaders:
       headers:
+        accessControlAllowCredentials: "true"
+        accessControlAllowHeaders: "*"
+        accessControlAllowMethods: "*"
+        accessControlAllowOriginList: "*"
+        accessControlExposeHeaders: "*"
+        accessControlMaxAge: "100000"
         customresponseheaders:
           content-security-policy: ""
           permissions-policy: ""
           referrer-policy: ""
           x-frame-options: ""
+          cross-origin-opener-policy: ""
     hsts:
       headers:
         stsSeconds: 63072000