Add CSP headers for img-src and worker-src
These are needed for running skyline dashboard in the future Change-Id: I651a86780ef476eb5f164f9ba3eef72b2bab2781
This commit is contained in:
Jonathan Rosser
parent
753efe197d
commit
642af79142
@ -42,7 +42,7 @@ haproxy_security_headers_max_age: 31536000
|
||||
# Set CSP headers to report only for testing
|
||||
haproxy_security_headers_csp_report_only: False
|
||||
# To override the CSP used by a specific service define a variable haproxy_<service name>_csp
|
||||
haproxy_security_headers_csp: "http-response set-header {{ haproxy_security_headers_csp_report_only | ternary('Content-Security-Policy-Report-Only', 'Content-Security-Policy') }} \"default-src 'self'; frame-ancestors 'none'; form-action 'self'; upgrade-insecure-requests; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; child-src 'self' {{ external_lb_vip_address }}:{{ nova_console_port }}; frame-src 'self' {{ external_lb_vip_address }}:{{ nova_console_port }};\""
|
||||
haproxy_security_headers_csp: "http-response set-header {{ haproxy_security_headers_csp_report_only | ternary('Content-Security-Policy-Report-Only', 'Content-Security-Policy') }} \"default-src 'self'; frame-ancestors 'none'; form-action 'self'; upgrade-insecure-requests; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; child-src 'self' {{ external_lb_vip_address }}:{{ nova_console_port }}; frame-src 'self' {{ external_lb_vip_address }}:{{ nova_console_port }}; img-src 'self' data:; worker-src blob:;\""
|
||||
# To disable security headers set to []
|
||||
haproxy_security_headers:
|
||||
- "http-response set-header Strict-Transport-Security \"max-age={{ haproxy_security_headers_max_age }}; includeSubDomains;\""
|
||||
|
||||
Loading…
Reference in New Issue
Block a user