CORS/CSP hardening & centralization

- Add reusable Nginx include: roles/sys-svc-proxy/templates/headers/access_control_allow.conf.j2
  (dynamic ACAO/credentials/methods/headers via role vars)
- Set global 'Vary: Origin' in nginx.conf.j2 to prevent cache poisoning
- CSP: allow Simple Icons via connect-src when feature is enabled
- Front proxy: rename vars to lowercase + flush handlers after config deploy
- Desktop: gate & load Simple Icons role; inject brand logos when enabled
- Bluesky + Logout: replace inline CORS with centralized include
- Simpleicons: public CORS (ACAO='*', no credentials), keep GET/OPTIONS, allow headers
- Taiga: adjust canonical domain to taiga.kanban.{{ PRIMARY_DOMAIN }}
- LibreTranslate: remove unused images/versions keys

Fixes: https://open.project.infinito.nexus/projects/cymais/work_packages/342/activity
Discussion: https://chatgpt.com/share/68da5e27-ffd4-800f-91a3-0ef103058d44
2025-09-29 12:23:58 +02:00
parent c06d1c4d17
commit aa19a97ed6
15 changed files with 89 additions and 48 deletions

@@ -1,3 +1,12 @@
- name: "Load brand logos role for '{{ application_id }}'"
include_role:
name: web-svc-simpleicons
vars:
flush_handlers: true
when:
- run_once_web_svc_simpleicons is not defined
- DESKTOP_SIMPLEICONS_ENABLED | bool
- name: "Validate configuration"
include_tasks: "02_validate.yml"
when: MODE_ASSERT | bool
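Review bot: the `run_once_web_svc_simpleicons is not defined` guard on the new include_role task depends on a fact that nothing in this hunk sets; confirm that the web-svc-simpleicons role itself sets `run_once_web_svc_simpleicons` at the end of its tasks, otherwise the role is re-included for every host and the include is not actually run once. Note also that `flush_handlers: true` is passed under `vars:` as a plain role variable, not as a task keyword, so its effect depends entirely on the included role honouring that variable.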
@@ -24,25 +33,16 @@
set_fact:
portfolio_cards: "{{ lookup('docker_cards', 'roles') }}"
- name: "Load images for applications feature simpleicons is enabled "
- name: "Load Desktop Brand logos"
set_fact:
portfolio_cards: "{{ portfolio_cards | add_simpleicon_source(domains, WEB_PROTOCOL) }}"
when:
- (applications | get_app_conf(application_id, 'features.simpleicons', False))
when: DESKTOP_SIMPLEICONS_ENABLED | bool
changed_when: false
- name: Group docker cards
set_fact:
portfolio_menu_data: "{{ lookup('docker_cards_grouped', portfolio_cards, portfolio_menu_categories) }}"
- name: Debug portfolio data
debug:
msg:
portfolio_cards: "{{ portfolio_cards }}"
portfolio_menu_categories: "{{ portfolio_menu_categories}}"
portfolio_menu_data: "{{ portfolio_menu_data }}"
service_provider: "{{ service_provider }}"
when: MODE_DEBUG | bool
- name: Copy host-specific config.yaml if it exists
template:
src: "{{ DESKTOP_CONFIG_INV_PATH }}"
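Review bot: the rewritten condition on the "Load Desktop Brand logos" task drops the per-application check `applications | get_app_conf(application_id, 'features.simpleicons', False)` in favour of the single global `DESKTOP_SIMPLEICONS_ENABLED | bool`, so an application whose own `features.simpleicons` flag is off will now get icon sources injected whenever the global switch is on; if both gates are intended, keep them as a two-item `when:` list like the one used in the first hunk. Minor: `changed_when: false` on a set_fact task is redundant, since set_fact never reports changed.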