Optimized CSP check

2025-08-15 08:30:46 +02:00 · 2025-08-07 09:33:19 +02:00 · 2025-08-07 09:33:19 +02:00 · 99c6c9ec92
commit 99c6c9ec92
parent 34f9d773bd
5 changed files with 13 additions and 12 deletions
--- a/Todo.md
+++ b/Todo.md
@ -1,3 +1,4 @@
 # Todos
 - Implement multi language
- Implement rbac administration interface
+- Implement rbac administration interface
+- Implement [cloudflare dev cache via API](https://chatgpt.com/share/689385e2-7744-800f-aa93-a6e811a245df)
--- a/group_vars/all/00_general.yml
+++ b/group_vars/all/00_general.yml
@ -47,7 +47,7 @@ certbot_credentials_dir:                  /etc/certbot
 certbot_credentials_file:                 "{{ certbot_credentials_dir }}/{{ certbot_acme_challenge_method }}.ini"
 certbot_dns_api_token:                    ""                      # Define in inventory file: More information here: group_vars/all/docs/CLOUDFLARE_API_TOKEN.md
 certbot_dns_propagation_wait_seconds:     40                      # How long should the script wait for DNS propagation before continuing
-certbot_flavor:                           san                     # Possible options: san (recommended, with a dns flavor like cloudflare, or hetzner), wildcard(doesn't function with www redirect), deicated
+certbot_flavor:                           san                     # Possible options: san (recommended, with a dns flavor like cloudflare, or hetzner), wildcard(doesn't function with www redirect), dedicated

 # Path where Certbot stores challenge webroot files
 letsencrypt_webroot_path: "/var/lib/letsencrypt/"
--- a/roles/srv-web-7-7-inj-port-ui-desktop/templates/iframe-handler.js.j2
+++ b/roles/srv-web-7-7-inj-port-ui-desktop/templates/iframe-handler.js.j2
@ -3,12 +3,14 @@
  var allowedOrigin = "https://{{ domains | get_domain('web-app-port-ui') }}";

  function notifyParent() {
-    try {
-      window.parent.postMessage({
-        type: "iframeLocationChange",
-        href: window.location.href
-      }, allowedOrigin);
-    } catch (e) {}
+    if (window.self !== window.top) {
+      try {
+        window.parent.postMessage({
+          type: "iframeLocationChange",
+          href: window.location.href
+        }, allowedOrigin);
+      } catch (e) {}
+    }
  }

  function forceExternalLinks() {
--- a/roles/web-svc-logout/config/main.yml
+++ b/roles/web-svc-logout/config/main.yml
@ -3,6 +3,7 @@ features:
  css:              true
  port-ui-desktop:  true
  javascript:       false
+  logout:           false
 domains:
  canonical:
    - "logout.{{ primary_domain }}"
--- a/roles/web-svc-logout/vars/main.yml
+++ b/roles/web-svc-logout/vars/main.yml
@ -8,8 +8,5 @@ container_port:               8000
 # @todo implement the calling of also dependency domains (propably the easiest to write a script which adds all dependencies to group_names)
 logout_domains: >-
  {{
-    (
-      [primary_domain] +
-      (applications | logout_domains(group_names))
-    ) | unique | join(',')
+    (applications | logout_domains(group_names)) | unique | join(',')
  }}