studio/docs
Archived
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

(backend) add subrequest auth view for collaboration server

Browse Source 
We need to improve security on the access to The collaboration server
We can use the same pattern as for media files leveraging the nginx
subrequest feature.
This commit is contained in:
Samuel Paccoud - DINUM
2024-11-18 08:05:54 +01:00
committed by Anthony LC
parent 64674b6a73
commit 66553ee236
12 changed files with 118 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/helm/env.d/dev/values.impress.yaml.gotmpl
View File

@@ -6,6 +6,7 @@ image:
backend:
replicas: 1
envVars:
COLLABORATION_SERVER_SECRET: my-secret
DJANGO_CSRF_TRUSTED_ORIGINS: https://impress.127.0.0.1.nip.io,http://impress.127.0.0.1.nip.io
DJANGO_CONFIGURATION: Feature
DJANGO_ALLOWED_HOSTS: impress.127.0.0.1.nip.io
@@ -104,6 +105,12 @@ ingressWS:
enabled: true
host: impress.127.0.0.1.nip.io
annotations:
nginx.ingress.kubernetes.io/auth-response-headers: "Authorization, Can-Edit, User-Id"
nginx.ingress.kubernetes.io/auth-url: https://impress.127.0.0.1.nip.io/api/v1.0/documents/collaboration-auth/
nginx.ingress.kubernetes.io/enable-websocket: "true"
nginx.ingress.kubernetes.io/upstream-hash-by: "$request_uri"
ingressAdmin:
enabled: true
host: impress.127.0.0.1.nip.io