Changed iframe options

This commit is contained in:
Kevin Veen-Birkenbach 2025-03-20 04:31:02 +01:00
parent 87ca1ccc11
commit 0611ddda11
No known key found for this signature in database
GPG Key ID: 44D8F11FD62F878E
8 changed files with 15 additions and 14 deletions


@ -182,7 +182,7 @@ defaults_applications:
# administrator_password: # Needs to be defined in inventory file
matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking
css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style
landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe
landingpage_iframe_enabled: false # Disabled by default, because it leads to authentification problems
## LDAP
ldap:
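Review bot: If the second `landingpage_iframe_enabled` line is the added one, the value is now a hard-coded `false` instead of `{{landingpage_iframe_enabled_default}}`, so an inventory that sets `landingpage_iframe_enabled_default` silently stops having any effect for this application; either remove that variable everywhere or keep the indirection and set the default variable to false. The trailing comment should read `# Disabled by default, because it leads to authentication problems`, and naming the application where the problem was observed would help the next maintainer decide when it is safe to enable. The enclosing `defaults_applications` map starts outside the hunk.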


@ -74,6 +74,7 @@ http {
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "noindex, nofollow" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Frame-Options "SAMEORIGIN" always;
{% include 'roles/nginx-docker-reverse-proxy/templates/iframe.conf.j2' %}
# Remove X-Powered-By, which is an information leak


@ -4,6 +4,9 @@ server {
{% include 'roles/letsencrypt/templates/ssl_header.j2' %}
{% include 'roles/nginx-modifier-all/templates/global.includes.conf.j2'%}
{% include 'roles/nginx-docker-reverse-proxy/templates/iframe.conf.j2' %}
##
# Application
##
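Review bot: Placing this include inside the `server` block means that, whenever `landingpage_iframe_enabled` is true, the server level gains its own `add_header` directives, and nginx then stops inheriting every `add_header` declared at the `http` level — the X-Permitted-Cross-Domain-Policies, X-Robots-Tag and X-XSS-Protection lines visible in the nginx.conf hunk — for that vhost. Whether global.includes.conf.j2 already declares headers at this level is not visible here; if it does not, enabling the iframe option quietly drops the other security headers. The two server templates at the bottom of the page add the same include and share this issue. Either keep the include at one level only, or record the coupling with `# NOTE: any add_header in this block disables inheritance of http-level add_header directives; keep the header set in sync` above the include.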


@ -1,4 +1,4 @@
add_header X-Frame-Options "SAMEORIGIN" always; # Allow iframe embedding only from the same origin
{% if landingpage_iframe_enabled | default(applications.get(application_id).get('landingpage_iframe_enabled')) | bool %}
add_header Content-Security-Policy "frame-ancestors {{primary_domain}};" always; # Restrict embedding to the specified primary domain
add_header X-Frame-Options "SAMEORIGIN" always;
add_header Content-Security-Policy "frame-ancestors 'self' {{primary_domain}};" always;
{% endif %}
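Review bot: With the flag false this template now emits nothing, so the vhost receives no anti-framing header from this file at all, whereas the line that reads as the pre-change version (`add_header X-Frame-Options "SAMEORIGIN" always;` outside the condition) applied unconditionally; the nginx.conf hunk earlier on the page also appears to swap its unconditional X-Frame-Options line for this include, which would leave the disabled case without any framing restriction. The safer shape is an `{% else %}` branch that keeps the restrictive default, `add_header X-Frame-Options "SAMEORIGIN" always;` and `add_header Content-Security-Policy "frame-ancestors 'self';" always;`, so turning the landing-page embed off tightens rather than removes the policy. When `frame-ancestors` is present, browsers that understand it ignore X-Frame-Options, so in the enabled branch the SAMEORIGIN header only matters for clients without CSP support; a one-line comment on the new lines stating that would make the intent explicit.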


@ -1,6 +1,2 @@
# Nginx Homepage Role
This Ansible role configures an Nginx server to serve a static homepage. It handles domain configuration, SSL certificate retrieval with Let's Encrypt.
## Author Information
This role was created in 2023 by [Kevin Veen Birkenbach](https://www.veen.world/).
# Assets Server
This role provides assets


@ -1,6 +1,3 @@
# Nginx Homepage Role
# Nginx File Server
This Ansible role configures an Nginx server to serve files. It handles domain configuration, SSL certificate retrieval with Let's Encrypt.
## Author Information
This role was created in 2023 by [Kevin Veen Birkenbach](https://www.veen.world/).
This Ansible role configures an Nginx server to serve files.


@ -5,6 +5,8 @@ server
{% include 'roles/letsencrypt/templates/ssl_header.j2' %}
{% include 'roles/nginx-modifier-all/templates/global.includes.conf.j2'%}
{% include 'roles/nginx-docker-reverse-proxy/templates/iframe.conf.j2' %}
charset utf-8;
location /


@ -5,6 +5,8 @@ server
{% include 'roles/letsencrypt/templates/ssl_header.j2' %}
{% include 'roles/nginx-modifier-all/templates/global.includes.conf.j2'%}
{% include 'roles/nginx-docker-reverse-proxy/templates/iframe.conf.j2' %}
charset utf-8;
location /