mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2025-11-01 18:59:19 +00:00
Kevin Veen-Birkenbach
57d5269b07
- Add CSP3 support for style/script: include -elem and -attr directives - Base (style-src, script-src) now unions elem/attr (CSP2/Safari fallback) - Respect explicit base disables (e.g. style-src.unsafe-inline: false) - Hashes only when 'unsafe-inline' absent in the final base tokens - Nginx: set CSP only for HTML/worker via header_filter_by_lua_block; drop for subresources - Remove per-location header_filter; keep body_filter only - Update app role flags to *-attr where appropriate; extend desktop CSS sources - Add comprehensive unit tests for union/explicit-disable/no-mirror-back Ref: https://chatgpt.com/share/68f87a0a-cebc-800f-bb3e-8c8ab4dee8ee
# Config The domains defined here can be customized by the system administrator. By default, they’re loaded from `../../group_vars/all/04_applications.yml`, but you can override them per application in your repository: ```yaml applications: {{ application_id }}: variable_a: "test string" # Replaces the default value variable_b: {} # Merges with the existing content variable_c: [] # Replaces the default value (use caution with domains) ``` ## Placeholder Logic with `<< >>` You can reference values from the generated `defaults_applications` dictionary at build time by embedding `<< ... >>` placeholders inside your template. For example: ```yaml url: "{{ WEB_PROTOCOL }}://<< defaults_applications.web-svc-file.domains.canonical[0] >>/assets" ``` - The `<< ... >>` placeholders are resolved by the [`DictRenderer`](../../../utils/dict_renderer.py) helper class. - The CLI uses the [`DefaultsGenerator`](../../../cli/build/defaults/applications.py) class to merge all role configurations into a single YAML and then calls the renderer to substitute each `<< ... >>` occurrence. - Use the `--verbose` flag on the CLI script to log every replacement step, and rely on the built‑in timeout (default: 10 seconds) to prevent infinite loops.