Changed iframe options

group_vars/all/07_applications.yml

@@ -182,7 +182,7 @@ defaults_applications:
 #   administrator_password:                                                 # Needs to be defined in inventory file
     matomo_tracking_enabled:      "{{matomo_tracking_enabled_default}}"     # Enables\Disables Matomo Tracking
     css_enabled:                  "{{css_enabled_default}}"                 # Enables\Disables Global CSS Style
-    landingpage_iframe_enabled:   "{{landingpage_iframe_enabled_default}}"  # Enables\Disables the possibility to embed this on landing page via iframe      
+    landingpage_iframe_enabled:   false                                     # Disabled by default, because it leads to authentification problems
 
   ## LDAP
   ldap:

roles/docker-nextcloud/templates/nginx/docker.conf.j2

@@ -74,6 +74,7 @@ http {
         add_header X-Permitted-Cross-Domain-Policies    "none"                  always;
         add_header X-Robots-Tag                         "noindex, nofollow"     always;
         add_header X-XSS-Protection                     "1; mode=block"         always;
+        add_header X-Frame-Options "SAMEORIGIN" always;
         {% include 'roles/nginx-docker-reverse-proxy/templates/iframe.conf.j2' %}
 
         # Remove X-Powered-By, which is an information leak

roles/docker-peertube/templates/peertube.conf.j2

@@ -4,6 +4,9 @@ server {
   {% include 'roles/letsencrypt/templates/ssl_header.j2' %}
 
   {% include 'roles/nginx-modifier-all/templates/global.includes.conf.j2'%}
+  
+  {% include 'roles/nginx-docker-reverse-proxy/templates/iframe.conf.j2' %}
+  
   ##
   # Application
   ##

roles/nginx-docker-reverse-proxy/templates/iframe.conf.j2

@@ -1,4 +1,4 @@
-add_header X-Frame-Options "SAMEORIGIN" always;                                     # Allow iframe embedding only from the same origin
 {% if landingpage_iframe_enabled | default(applications.get(application_id).get('landingpage_iframe_enabled')) | bool %}
-  add_header Content-Security-Policy "frame-ancestors {{primary_domain}};" always;  # Restrict embedding to the specified primary domain
+add_header X-Frame-Options "SAMEORIGIN" always;
+add_header Content-Security-Policy "frame-ancestors 'self' {{primary_domain}};" always;
 {% endif %}

roles/nginx-serve-assets/README.md

@@ -1,6 +1,2 @@
-# Nginx Homepage Role
-
-This Ansible role configures an Nginx server to serve a static homepage. It handles domain configuration, SSL certificate retrieval with Let's Encrypt.
-
-## Author Information
-This role was created in 2023 by [Kevin Veen Birkenbach](https://www.veen.world/).
+# Assets Server
+This role provides assets

roles/nginx-serve-files/README.md

@@ -1,6 +1,3 @@
-# Nginx Homepage Role
+# Nginx File Server
 
-This Ansible role configures an Nginx server to serve files. It handles domain configuration, SSL certificate retrieval with Let's Encrypt.
-
-## Author Information
-This role was created in 2023 by [Kevin Veen Birkenbach](https://www.veen.world/).
+This Ansible role configures an Nginx server to serve files.

roles/nginx-serve-files/templates/nginx.conf.j2

@@ -5,6 +5,8 @@ server
   {% include 'roles/letsencrypt/templates/ssl_header.j2' %}
 
   {% include 'roles/nginx-modifier-all/templates/global.includes.conf.j2'%}
+
+  {% include 'roles/nginx-docker-reverse-proxy/templates/iframe.conf.j2' %}
   charset utf-8;
   
   location /

roles/nginx-serve-html/templates/nginx.conf.j2

@@ -5,6 +5,8 @@ server
   {% include 'roles/letsencrypt/templates/ssl_header.j2' %}
 
   {% include 'roles/nginx-modifier-all/templates/global.includes.conf.j2'%}
+
+  {% include 'roles/nginx-docker-reverse-proxy/templates/iframe.conf.j2' %}
   charset utf-8;
   
   location /