kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-10-21 13:36:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(logout): wire injector to web-svc-logout and add robust CORS/CSP for /logout

Browse Source 
- sys-front-inj-logout: depend on web-svc-logout (run-once guarded) and simplify task flow.
- web-svc-logout: align feature flags/formatting and extend CSP:
  - add cdn.jsdelivr.net to connect/script/style and quote values.
- Nginx: move CORS config into logout-proxy.conf.j2 with dynamic vars:
  - Access-Control-Allow-Origin set to canonical logout origin,
  - Allow-Credentials=true,
  - Allow-Methods=GET, OPTIONS,
  - basic headers list (Accept, Authorization),
  - cache disabled for /logout responses.
- Drop obsolete CORS var passing from 01_core.yml; headers now templated at proxy layer.

Prepares clean cross-origin logout orchestration from https://logout.veen.world.

Refs: ChatGPT discussion – https://chatgpt.com/share/68ebb75f-0170-800f-93c5-e5cb438b8ed4
This commit is contained in:
Kevin Veen-Birkenbach
2025-10-12 16:16:47 +02:00
parent 7dccffd52d
commit a996e2190f
5 changed files with 23 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
roles/web-svc-logout/config/main.yml
View File

@@ -1,9 +1,9 @@
features:
matomo: true
css: true
desktop: true
javascript: false
logout: false
matomo: true
css: true
desktop: true
javascript: false
logout: false
server:
domains:
canonical:
@@ -19,10 +19,11 @@ server:
connect-src:
- "{{ WEB_PROTOCOL }}://*.{{ PRIMARY_DOMAIN }}"
- "{{ WEB_PROTOCOL }}://{{ PRIMARY_DOMAIN }}"
- "https://cdn.jsdelivr.net"
script-src-elem:
- https://cdn.jsdelivr.net
- "https://cdn.jsdelivr.net"
style-src-elem:
- https://cdn.jsdelivr.net
- "https://cdn.jsdelivr.net"
frame-ancestors:
- "{{ WEB_PROTOCOL }}://<< defaults_applications[web-app-keycloak].server.domains.canonical[0] >>"