diff --git a/roles/sys-svc-proxy/templates/location/html.conf.j2 b/roles/sys-svc-proxy/templates/location/html.conf.j2 index fe15fdd5..d8d283f4 100644 --- a/roles/sys-svc-proxy/templates/location/html.conf.j2 +++ b/roles/sys-svc-proxy/templates/location/html.conf.j2 @@ -19,6 +19,8 @@ location {{location}} {% include 'roles/sys-svc-proxy/templates/headers/content_security_policy.conf.j2' %} + {% include 'roles/sys-svc-proxy/templates/headers/access_control_allow.conf.j2' %} + # WebSocket specific header proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; diff --git a/roles/web-app-peertube/templates/peertube.conf.j2 b/roles/web-app-peertube/templates/peertube.conf.j2 index bfda9d26..c86694ac 100644 --- a/roles/web-app-peertube/templates/peertube.conf.j2 +++ b/roles/web-app-peertube/templates/peertube.conf.j2 @@ -6,6 +6,8 @@ server { {% include 'roles/sys-front-inj-all/templates/server.conf.j2'%} {% include 'roles/sys-svc-proxy/templates/headers/content_security_policy.conf.j2' %} + + {% include 'roles/sys-svc-proxy/templates/headers/access_control_allow.conf.j2' %} ## # Application diff --git a/roles/web-svc-cdn/templates/nginx.conf.j2 b/roles/web-svc-cdn/templates/nginx.conf.j2 index e5f0b89c..20b695f5 100644 --- a/roles/web-svc-cdn/templates/nginx.conf.j2 +++ b/roles/web-svc-cdn/templates/nginx.conf.j2 @@ -7,6 +7,8 @@ server {% include 'roles/sys-front-inj-all/templates/server.conf.j2'%} {% include 'roles/sys-svc-proxy/templates/headers/content_security_policy.conf.j2' %} + + {% include 'roles/sys-svc-proxy/templates/headers/access_control_allow.conf.j2' %} charset utf-8; diff --git a/roles/web-svc-collabora/templates/nginx.conf.j2 b/roles/web-svc-collabora/templates/nginx.conf.j2 index 019fb975..2f07de3c 100644 --- a/roles/web-svc-collabora/templates/nginx.conf.j2 +++ b/roles/web-svc-collabora/templates/nginx.conf.j2 @@ -2,10 +2,13 @@ server { server_name {{ domain }}; {% include 'roles/sys-svc-letsencrypt/templates/ssl_header.j2' %} + {% include 'roles/sys-front-inj-all/templates/server.conf.j2'%} {% include 'roles/sys-svc-proxy/templates/headers/content_security_policy.conf.j2' %} + {% include 'roles/sys-svc-proxy/templates/headers/access_control_allow.conf.j2' %} + {# Normal HTTP routes (discovery, browser, assets) – no Lua injection #} {% set proxy_lua_enabled = false %} {% set location = "/" %} diff --git a/roles/web-svc-file/templates/nginx.conf.j2 b/roles/web-svc-file/templates/nginx.conf.j2 index 92e285f9..d33284ad 100644 --- a/roles/web-svc-file/templates/nginx.conf.j2 +++ b/roles/web-svc-file/templates/nginx.conf.j2 @@ -8,6 +8,8 @@ server {% include 'roles/sys-svc-proxy/templates/headers/content_security_policy.conf.j2' %} + {% include 'roles/sys-svc-proxy/templates/headers/access_control_allow.conf.j2' %} + charset utf-8; location / diff --git a/roles/web-svc-html/templates/nginx.conf.j2 b/roles/web-svc-html/templates/nginx.conf.j2 index 69088fce..6b035b4c 100644 --- a/roles/web-svc-html/templates/nginx.conf.j2 +++ b/roles/web-svc-html/templates/nginx.conf.j2 @@ -7,6 +7,8 @@ server {% include 'roles/sys-front-inj-all/templates/server.conf.j2'%} {% include 'roles/sys-svc-proxy/templates/headers/content_security_policy.conf.j2' %} + + {% include 'roles/sys-svc-proxy/templates/headers/access_control_allow.conf.j2' %} charset utf-8; diff --git a/roles/web-svc-simpleicons/tasks/main.yml b/roles/web-svc-simpleicons/tasks/main.yml index 56fe5e72..ec4cf716 100644 --- a/roles/web-svc-simpleicons/tasks/main.yml +++ b/roles/web-svc-simpleicons/tasks/main.yml @@ -4,10 +4,9 @@ include_role: name: sys-stk-full-stateless vars: - aca_origin: "* always" - aca_methods: "'GET, OPTIONS' always" - aca_headers: "'Accept, Authorization, Content-Type' always" - + aca_origin: "* always" + aca_methods: "'GET, OPTIONS' always" + aca_headers: '"Origin, X-Requested-With, Content-Type, Accept, Authorization" always' - name: "Copy '{{ application_id }}' files" template: src: "{{ item.source }}"