kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-11-07 13:48:00 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
2f46b99e4e784131faff270791fa42cc6cc51e8c
computer-playbook/roles/web-app-jira/config/main.yml
Kevin Veen-Birkenbach 57d5269b07 CSP (Safari-safe): merge -elem/-attr into base; respect explicit disables; no mirror-back; header only for documents/workers 
- Add CSP3 support for style/script: include -elem and -attr directives
- Base (style-src, script-src) now unions elem/attr (CSP2/Safari fallback)
- Respect explicit base disables (e.g. style-src.unsafe-inline: false)
- Hashes only when 'unsafe-inline' absent in the final base tokens
- Nginx: set CSP only for HTML/worker via header_filter_by_lua_block; drop for subresources
- Remove per-location header_filter; keep body_filter only
- Update app role flags to *-attr where appropriate; extend desktop CSS sources
- Add comprehensive unit tests for union/explicit-disable/no-mirror-back

Ref: https://chatgpt.com/share/68f87a0a-cebc-800f-bb3e-8c8ab4dee8ee
2025-10-22 13:53:06 +02:00

43 lines
945 B
YAML
Raw Blame History

credentials: {}
docker:
services:
database:
enabled: true
jira:
image: atlassian/jira-software
version: latest
name: jira
cpus: "2.0"
mem_reservation: "4g"
mem_limit: "6g"
pids_limit: 2048
volumes:
data: "jira_data"
features:
matomo: true
css: true
desktop: true
central_database: true
logout: true
oidc: false # Not enabled for demo version
ldap: false # Not enabled for demo version
server:
csp:
whitelist: {}
flags:
script-src-elem:
unsafe-inline: true
unsafe-eval: true
script-src-attr:
unsafe-inline: true
unsafe-eval: true
domains:
canonical:
- "jira.{{ PRIMARY_DOMAIN }}"
aliases: []
status_codes:
default: 405
rbac:
roles: {}
Reference in New Issue View Git Blame Copy Permalink