Add support for Content-Security-Policy in images

This commit adds support for the "Content-Security-Policy" header in the
barrel images.
Tom 2023-07-13 23:26:37 +02:00
parent 17d64826df
commit 760aae0dc1
32 changed files with 162 additions and 48 deletions


@ -4,8 +4,10 @@ package models
// It is embedded into the instances struct by gorm.
type System struct {
// NOTE(twiesing): Any changes here should be reflected in instance_{provision,rebuild}.html and remote/api.ts.
PHP string `gorm:"column:php;not null"`
OpCacheDevelopment bool `gorm:"column:opcache_devel;not null"`
PHP string `gorm:"column:php;not null"` // php version to use
OpCacheDevelopment bool `gorm:"column:opcache_devel;not null"` // opcache development
ContentSecurityPolicy string `gorm:"column:csp;not null"` // content security policy for the system
}
const (
@ -48,3 +50,17 @@ func (system System) GetDockerBaseImage() string {
}
return imagePrefix + version + imageSuffix
}
const (
// Content Security Policy used by the internal server
ContentSecurityPolicyNothing = "base-uri 'self'; default-src 'none';"
// Content Security policy used by the distillery admin server
ContentSecurityPolicyDistilery = "base-uri 'self'; default-src 'self'; img-src 'self' data:; media-src 'none'; worker-src 'none'; frame-src 'none'; frame-ancestors 'none';"
)
func ContentSecurityPolicyExamples() []string {
return []string{
ContentSecurityPolicyDistilery,
}
}
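Review bot: `ContentSecurityPolicyNothing` in the second hunk leaves framing and form submission unrestricted, because `frame-ancestors` and `form-action` are not covered by the `default-src` fallback, so `default-src 'none'` alone does not make this a deny-everything policy. If the internal server serves no forms and is never meant to be embedded, the constant could read `ContentSecurityPolicyNothing = "base-uri 'self'; default-src 'none'; form-action 'none'; frame-ancestors 'none';"`. `ContentSecurityPolicyDistilery` already sets `frame-ancestors 'none'` but also omits `form-action`; adding `form-action 'self';` would match the rest of that policy. The exported name misspells "Distillery", which is cheaper to fix in this commit than after other packages reference it. `ContentSecurityPolicyExamples` is exported without a doc comment; something like `// ContentSecurityPolicyExamples returns sample policies that can be offered as values for System.ContentSecurityPolicy.` would help, with the wording adjusted to its actual use, which is not visible here.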