fix(csp): resolve all CSP-related issues and extend webserver health checks

- Added _normalize_codes to support lists of valid HTTP status codes - Updated web_health_expectations to handle multiple codes, deduplication, and fallback logic - Extended unit tests with coverage for list/default combinations, invalid values, and alias behavior - Fixed Flowise CSP flags and whitelist entries - Adjusted Flowise, MinIO, and Pretix docker service resource limits - Updated docker-compose templates with explicit service_name - Corrected MinIO status_codes to 301 redirects ✅ All CSP errors fixed See details: https://chatgpt.com/share/68d557ad-fc10-800f-b68b-0411d20ea6eb
2025-10-10 10:48:10 +02:00 · 2025-09-25 18:05:41 +02:00
parent 5186eb5714
commit 6f3522dc28
6 changed files with 200 additions and 35 deletions
--- a/roles/web-app-minio/config/main.yml
+++ b/roles/web-app-minio/config/main.yml
@@ -10,7 +10,8 @@ features:
  ldap:             false # OIDC is already activated so LDAP isn't necessary
 server:
  status_codes:
-    api: 400
+    api:      301
+    console:  301
  domains:
    canonical:
      console:  "console.s3.{{ PRIMARY_DOMAIN }}"
@@ -25,10 +26,14 @@ docker:
  services:
    minio:
      backup:
-        no_stop_required: true
-      image:   quay.io/minio/minio
-      version: latest
-      name:    minio
+        no_stop_required: false
+      image:              quay.io/minio/minio
+      version:            latest
+      name:               minio
+      cpus:               "2.0"
+      mem_reservation:    "2g"
+      mem_limit:          "4g"
+      pids_limit:         2048
    redis:
      enabled: false
    database: