moon
/
soapbox
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Docker: make CSP configurable

This commit is contained in:
Alex Gleason 2022-09-04 14:46:29 -05:00
parent 9821a1f639
commit 06afd12213
No known key found for this signature in database
GPG Key ID: 7211D1F99744FBB7
2 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Dockerfile
View File

@ -11,5 +11,6 @@ FROM nginx:stable-alpine
EXPOSE 5000 EXPOSE 5000
ENV PORT=5000 ENV PORT=5000
ENV BACKEND_URL=http://localhost ENV BACKEND_URL=http://localhost
ENV CSP=
COPY installation/docker.conf.template /etc/nginx/templates/default.conf.template COPY installation/docker.conf.template /etc/nginx/templates/default.conf.template
COPY --from=build /app/static /usr/share/nginx/html COPY --from=build /app/static /usr/share/nginx/html

4
installation/docker.conf.template
View File

@ -50,7 +50,7 @@ server {
# Content Security Policy (CSP) # Content Security Policy (CSP)
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
add_header Content-Security-Policy "base-uri 'none'; default-src 'none'; font-src 'self'; img-src 'self' https: data: blob:; style-src 'self' 'unsafe-inline'; media-src 'self' https: data:; frame-src 'self' https:; manifest-src 'self'; connect-src 'self' data: blob:; script-src 'self'; child-src 'self'; worker-src 'self';"; add_header Content-Security-Policy "${CSP}";
# Fallback route. # Fallback route.
# Try static files, then fall back to the SPA. # Try static files, then fall back to the SPA.
@ -97,7 +97,7 @@ server {
proxy_set_header Proxy ""; proxy_set_header Proxy "";
proxy_pass_header Server; proxy_pass_header Server;
proxy_pass ${BACKEND_URL}; proxy_pass "${BACKEND_URL}";
proxy_buffering on; proxy_buffering on;
proxy_redirect off; proxy_redirect off;
proxy_http_version 1.1; proxy_http_version 1.1;