studio/docs
Archived
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

🔒️(nginx) manage Content-Security-Policy in nginx config

Browse Source 
The media route is managed by nginx. On this route we want to add the
Content-Security-Header to forbid fetching any resources.
See : https://content-security-policy.com/
This commit is contained in:
Manuel Raynaud
2025-02-27 16:23:04 +01:00
committed by Anthony LC
parent a22bf95bce
commit 22a665e535
3 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docker/files/etc/nginx/conf.d/default.conf
View File

@@ -68,6 +68,8 @@ server {
# Get resource from Minio # Get resource from Minio
proxy_pass http://minio:9000/impress-media-storage/; proxy_pass http://minio:9000/impress-media-storage/;
proxy_set_header Host minio:9000; proxy_set_header Host minio:9000;
add_header Content-Security-Policy "default-src 'none'" always;
} }
location /media-auth { location /media-auth {

2
src/helm/impress/Chart.yaml
View File

@@ -1,5 +1,5 @@
apiVersion: v2 apiVersion: v2
type: application type: application
name: docs name: docs
version: 2.2.0-beta.1 version: 2.2.0-beta.2
appVersion: latest appVersion: latest

2
src/helm/impress/values.yaml
View File

@@ -170,6 +170,8 @@ ingressMedia:
nginx.ingress.kubernetes.io/auth-url: https://impress.example.com/api/v1.0/documents/media-auth/ nginx.ingress.kubernetes.io/auth-url: https://impress.example.com/api/v1.0/documents/media-auth/
nginx.ingress.kubernetes.io/auth-response-headers: "Authorization, X-Amz-Date, X-Amz-Content-SHA256" nginx.ingress.kubernetes.io/auth-response-headers: "Authorization, X-Amz-Date, X-Amz-Content-SHA256"
nginx.ingress.kubernetes.io/upstream-vhost: minio.impress.svc.cluster.local:9000 nginx.ingress.kubernetes.io/upstream-vhost: minio.impress.svc.cluster.local:9000
nginx.ingress.kubernetes.io/configuration-snippet: |
add_header Content-Security-Policy "default-src 'none'" always;
## @param serviceMedia.host ## @param serviceMedia.host
## @param serviceMedia.port ## @param serviceMedia.port