add content security policy options
This commit is contained in:
parent
02ec8fef42
commit
001f23c5ae
@ -76,6 +76,12 @@ nginx_xfo_enabled: True
|
|||||||
nginx_xfo_policy: deny
|
nginx_xfo_policy: deny
|
||||||
|
|
||||||
nginx_xcto_enabled: True
|
nginx_xcto_enabled: True
|
||||||
|
nginx_csp_enabled: False
|
||||||
|
# nginx_csp_options:
|
||||||
|
# - directive: frame-ancestors
|
||||||
|
# parameters:
|
||||||
|
# - https://example.com
|
||||||
|
# - https://mypage.com
|
||||||
|
|
||||||
nginx_xxxsp_enabled: True
|
nginx_xxxsp_enabled: True
|
||||||
nginx_xxxsp_parameters:
|
nginx_xxxsp_parameters:
|
||||||
|
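Review bot: The commented example for `nginx_csp_options` only shows URL sources, so a reader who adds the common keyword sources will hit a YAML pitfall: `'self'`, `'none'` and `'unsafe-inline'` keep their single quotes in the CSP grammar, and an unquoted `- 'self'` in YAML yields the bare word self, which the browser then treats as a host name. I would extend the example with one line such as `#     - "'self'"   # CSP keyword sources keep their single quotes, so quote them in YAML` next to the existing `https://example.com` entry. It would also help to state that each entry is expected to carry a `parameters` list, since the template added in this commit renders `item.parameters` for every item; a directive with no value, such as `upgrade-insecure-requests`, has no obvious representation in the documented shape.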
@ -1,9 +1,10 @@
|
|||||||
|
#jinja2: lstrip_blocks: True
|
||||||
# {{ ansible_managed }}
|
# {{ ansible_managed }}
|
||||||
|
|
||||||
# protect against protocol downgrading and cookie hijacking
|
# protect against protocol downgrading and cookie hijacking
|
||||||
# https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#hsts
|
# https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#hsts
|
||||||
{% if nginx_tls_hsts_enabled %}
|
{% if nginx_tls_hsts_enabled and nginx_hsts_options is defined%}
|
||||||
add_header Strict-Transport-Security{% if nginx_hsts_options is defined %} "{{ nginx_hsts_options | join("; ") }}"{% endif %};
|
add_header Strict-Transport-Security "{{ nginx_hsts_options | join('; ') }}";
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
# improve the protection against Clickjacking
|
# improve the protection against Clickjacking
|
||||||
@ -11,6 +12,9 @@ add_header Strict-Transport-Security{% if nginx_hsts_options is defined %} "{{ n
|
|||||||
{% if nginx_xfo_enabled %}
|
{% if nginx_xfo_enabled %}
|
||||||
add_header X-Frame-Options {{ nginx_xfo_policy }};
|
add_header X-Frame-Options {{ nginx_xfo_policy }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
{% if nginx_csp_enabled and nginx_csp_options is defined %}
|
||||||
|
add_header Content-Security-Policy "{% for item in nginx_csp_options %}{{ item.directive }} {{ item.parameters | join(' ') }};{% endfor %}";
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
# prevent from interpreting files as something else than declared by the content type in HTTP headers
|
# prevent from interpreting files as something else than declared by the content type in HTTP headers
|
||||||
# https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#xcto
|
# https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#xcto
|
||||||
|
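Review bot: The new Content-Security-Policy line renders `item.parameters | join(' ')` unconditionally, so an entry without a `parameters` key (valueless directives such as `upgrade-insecure-requests` or `block-all-mixed-content`) fails at template time with an undefined-variable error rather than producing a policy; `{{ item.directive }}{% if item.parameters is defined %} {{ item.parameters | join(' ') }}{% endif %};` would accept both shapes. The values are also interpolated unescaped inside a double-quoted nginx string, so a parameter containing `"` breaks the generated config; that is acceptable for operator-supplied defaults but worth a one-line comment above the `add_header`. In the first hunk of this file, the new guard `{% if nginx_tls_hsts_enabled and nginx_hsts_options is defined%}` now silently emits no HSTS header when the feature is enabled but the options variable is absent, where the old template at least made the omission visible; a comment stating that `nginx_hsts_options` must be set for the header to appear, or a default for it in the defaults file, would keep that from going unnoticed. The enclosing server block starts and ends outside the hunk.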