mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2025-11-01 02:39:24 +00:00
Kevin Veen-Birkenbach
a996e2190f
- sys-front-inj-logout: depend on web-svc-logout (run-once guarded) and simplify task flow. - web-svc-logout: align feature flags/formatting and extend CSP: - add cdn.jsdelivr.net to connect/script/style and quote values. - Nginx: move CORS config into logout-proxy.conf.j2 with dynamic vars: - Access-Control-Allow-Origin set to canonical logout origin, - Allow-Credentials=true, - Allow-Methods=GET, OPTIONS, - basic headers list (Accept, Authorization), - cache disabled for /logout responses. - Drop obsolete CORS var passing from 01_core.yml; headers now templated at proxy layer. Prepares clean cross-origin logout orchestration from https://logout.veen.world. Refs: ChatGPT discussion – https://chatgpt.com/share/68ebb75f-0170-800f-93c5-e5cb438b8ed4
30 lines
740 B
YAML
30 lines
740 B
YAML
features:
|
|
matomo: true
|
|
css: true
|
|
desktop: true
|
|
javascript: false
|
|
logout: false
|
|
server:
|
|
domains:
|
|
canonical:
|
|
- "logout.{{ PRIMARY_DOMAIN }}"
|
|
aliases: []
|
|
csp:
|
|
flags:
|
|
style-src:
|
|
unsafe-inline: true
|
|
script-src-elem:
|
|
unsafe-inline: true
|
|
whitelist:
|
|
connect-src:
|
|
- "{{ WEB_PROTOCOL }}://*.{{ PRIMARY_DOMAIN }}"
|
|
- "{{ WEB_PROTOCOL }}://{{ PRIMARY_DOMAIN }}"
|
|
- "https://cdn.jsdelivr.net"
|
|
script-src-elem:
|
|
- "https://cdn.jsdelivr.net"
|
|
style-src-elem:
|
|
- "https://cdn.jsdelivr.net"
|
|
frame-ancestors:
|
|
- "{{ WEB_PROTOCOL }}://<< defaults_applications[web-app-keycloak].server.domains.canonical[0] >>"
|
|
|