From 3adb08fc6841206bd99b0129cbdbf0700e527776 Mon Sep 17 00:00:00 2001
From: Kevin Veen-Birkenbach <kevin@veen.world>
Date: Fri, 15 Aug 2025 20:06:01 +0200
Subject: [PATCH] Prevent exposition of applications credentials

---
 roles/srv-web-7-7-inj-desktop/tasks/main.yml    | 2 ++
 roles/srv-web-7-7-inj-javascript/tasks/main.yml | 1 +
 roles/srv-web-7-7-inj-logout/tasks/main.yml     | 1 +
 3 files changed, 4 insertions(+)

diff --git a/roles/srv-web-7-7-inj-desktop/tasks/main.yml b/roles/srv-web-7-7-inj-desktop/tasks/main.yml
index 901ffc70..1bc35025 100644
--- a/roles/srv-web-7-7-inj-desktop/tasks/main.yml
+++ b/roles/srv-web-7-7-inj-desktop/tasks/main.yml
@@ -19,4 +19,6 @@
 - name: "Append iFrame init CSP hash for '{{ application_id }}'"
   set_fact:
     applications: "{{ applications | append_csp_hash(application_id, iframe_init_code_one_liner) }}"
+  no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"
   changed_when: false
+
diff --git a/roles/srv-web-7-7-inj-javascript/tasks/main.yml b/roles/srv-web-7-7-inj-javascript/tasks/main.yml
index 4c2ece47..c7af22d0 100644
--- a/roles/srv-web-7-7-inj-javascript/tasks/main.yml
+++ b/roles/srv-web-7-7-inj-javascript/tasks/main.yml
@@ -19,3 +19,4 @@
   set_fact:
     applications: "{{ applications | append_csp_hash(application_id, javascript_code_one_liner) }}"
   changed_when: false
+  no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"
diff --git a/roles/srv-web-7-7-inj-logout/tasks/main.yml b/roles/srv-web-7-7-inj-logout/tasks/main.yml
index c16960b6..aa55e630 100644
--- a/roles/srv-web-7-7-inj-logout/tasks/main.yml
+++ b/roles/srv-web-7-7-inj-logout/tasks/main.yml
@@ -16,3 +16,4 @@
   set_fact:
     applications: "{{ applications | append_csp_hash(application_id, logout_code_one_liner) }}"
   changed_when: false
+  no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"