kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-08-16 08:56:46 +02:00
Code Issues Packages Projects Releases Wiki Activity

Optimized CSP check

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach 2025-08-07 09:33:19 +02:00
parent 34f9d773bd
commit 99c6c9ec92
No known key found for this signature in database
GPG Key ID: 44D8F11FD62F878E
5 changed files with 13 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Todo.md
View File

@ -1,3 +1,4 @@
# Todos # Todos
- Implement multi language - Implement multi language
- Implement rbac administration interface - Implement rbac administration interface
- Implement [cloudflare dev cache via API](https://chatgpt.com/share/689385e2-7744-800f-aa93-a6e811a245df)

2
group_vars/all/00_general.yml
View File

@ -47,7 +47,7 @@ certbot_credentials_dir: /etc/certbot
certbot_credentials_file: "{{ certbot_credentials_dir }}/{{ certbot_acme_challenge_method }}.ini" certbot_credentials_file: "{{ certbot_credentials_dir }}/{{ certbot_acme_challenge_method }}.ini"
certbot_dns_api_token: "" # Define in inventory file: More information here: group_vars/all/docs/CLOUDFLARE_API_TOKEN.md certbot_dns_api_token: "" # Define in inventory file: More information here: group_vars/all/docs/CLOUDFLARE_API_TOKEN.md
certbot_dns_propagation_wait_seconds: 40 # How long should the script wait for DNS propagation before continuing certbot_dns_propagation_wait_seconds: 40 # How long should the script wait for DNS propagation before continuing
certbot_flavor: san # Possible options: san (recommended, with a dns flavor like cloudflare, or hetzner), wildcard(doesn't function with www redirect), deicated certbot_flavor: san # Possible options: san (recommended, with a dns flavor like cloudflare, or hetzner), wildcard(doesn't function with www redirect), dedicated
# Path where Certbot stores challenge webroot files # Path where Certbot stores challenge webroot files
letsencrypt_webroot_path: "/var/lib/letsencrypt/" letsencrypt_webroot_path: "/var/lib/letsencrypt/"

2
roles/srv-web-7-7-inj-port-ui-desktop/templates/iframe-handler.js.j2
View File

@ -3,6 +3,7 @@
var allowedOrigin = "https://{{ domains | get_domain('web-app-port-ui') }}"; var allowedOrigin = "https://{{ domains | get_domain('web-app-port-ui') }}";
function notifyParent() { function notifyParent() {
if (window.self !== window.top) {
try { try {
window.parent.postMessage({ window.parent.postMessage({
type: "iframeLocationChange", type: "iframeLocationChange",
@ -10,6 +11,7 @@
}, allowedOrigin); }, allowedOrigin);
} catch (e) {} } catch (e) {}
} }
}
function forceExternalLinks() { function forceExternalLinks() {
Array.prototype.forEach.call(document.querySelectorAll("a[href]"), function(a) { Array.prototype.forEach.call(document.querySelectorAll("a[href]"), function(a) {

1
roles/web-svc-logout/config/main.yml
View File

@ -3,6 +3,7 @@ features:
css: true css: true
port-ui-desktop: true port-ui-desktop: true
javascript: false javascript: false
logout: false
domains: domains:
canonical: canonical:
- "logout.{{ primary_domain }}" - "logout.{{ primary_domain }}"

5
roles/web-svc-logout/vars/main.yml
View File

@ -8,8 +8,5 @@ container_port: 8000
# @todo implement the calling of also dependency domains (propably the easiest to write a script which adds all dependencies to group_names) # @todo implement the calling of also dependency domains (propably the easiest to write a script which adds all dependencies to group_names)
logout_domains: >- logout_domains: >-
{{ {{
( (applications | logout_domains(group_names)) | unique | join(',')
[primary_domain] +
(applications | logout_domains(group_names))
) | unique | join(',')
}} }}