Import CSP in manager code (#1137)
This commit is contained in:
parent
9b9ecee8bb
commit
0845237efe
|
@ -37,12 +37,6 @@
|
|||
<Files *.fcgi>
|
||||
SetHandler fcgid-script
|
||||
Options +ExecCGI
|
||||
<IfModule mod_headers.c>
|
||||
header set Content-Security-Policy "default-src 'self';frame-ancestors 'none';form-action 'self';img-src 'self' auth.example.com;"
|
||||
header set X-Content-Type-Options nosniff
|
||||
header set X-Frame-Options DENY
|
||||
header set X-XSS-Protection "1; mode=block"
|
||||
</IfModule>
|
||||
</Files>
|
||||
|
||||
# If you want to use mod_fastcgi, replace lines below by:
|
||||
|
|
|
@ -37,12 +37,6 @@
|
|||
<Files *.fcgi>
|
||||
SetHandler fcgid-script
|
||||
Options +ExecCGI
|
||||
<IfModule mod_headers.c>
|
||||
header set Content-Security-Policy "default-src 'self';frame-ancestors 'none';form-action 'self';img-src 'self' auth.example.com;"
|
||||
header set X-Content-Type-Options nosniff
|
||||
header set X-Frame-Options DENY
|
||||
header set X-XSS-Protection "1; mode=block"
|
||||
</IfModule>
|
||||
</Files>
|
||||
|
||||
# If you want to use mod_fastcgi, replace lines below by:
|
||||
|
|
|
@ -37,12 +37,6 @@
|
|||
<Files *.fcgi>
|
||||
SetHandler fcgid-script
|
||||
Options +ExecCGI
|
||||
<IfModule mod_headers.c>
|
||||
header set Content-Security-Policy "default-src 'self';frame-ancestors 'none';form-action 'self';img-src 'self' auth.example.com;"
|
||||
header set X-Content-Type-Options nosniff
|
||||
header set X-Frame-Options DENY
|
||||
header set X-XSS-Protection "1; mode=block"
|
||||
</IfModule>
|
||||
</Files>
|
||||
|
||||
# If you want to use mod_fastcgi, replace lines below by:
|
||||
|
|
|
@ -14,10 +14,6 @@ server {
|
|||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_split_path_info ^(.*\.psgi)(/.*)$;
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
add_header Content-Security-Policy "default-src 'self';frame-ancestors 'none';form-action 'self';img-src 'self' auth.example.com;";
|
||||
add_header X-Frame-Options DENY;
|
||||
# Uncomment this if you use https only
|
||||
#add_header Strict-Transport-Security "15768000";
|
||||
}
|
||||
|
|
|
@ -22,6 +22,8 @@ our $VERSION = '2.0.0';
|
|||
extends 'Lemonldap::NG::Common::Conf::AccessLib',
|
||||
'Lemonldap::NG::Handler::PSGI::Router';
|
||||
|
||||
has csp => ( is => 'rw' );
|
||||
|
||||
## @method boolean init($args)
|
||||
# Launch initialization method
|
||||
#
|
||||
|
@ -75,6 +77,12 @@ sub init {
|
|||
$self->addRoute( links => 'links', ['GET'] );
|
||||
$self->addRoute( 'psgi.js' => 'sendJs', ['GET'] );
|
||||
|
||||
my $portal = $conf->{portal};
|
||||
$portal =~ s#htts?://([^/])*.*#$1#;
|
||||
$self->csp(
|
||||
"default-src 'self';frame-ancestors 'none';form-action 'self';img-src 'self' $portal;"
|
||||
);
|
||||
|
||||
$self->defaultRoute( $working[0]->defaultRoute );
|
||||
|
||||
my $linksIcons =
|
||||
|
@ -124,6 +132,17 @@ sub javascript {
|
|||
);
|
||||
}
|
||||
|
||||
sub sendHtml {
|
||||
my ( $self, $req, $template, %args ) = @_;
|
||||
my $res = $self->SUPER::sendHtml( $req, $template, %args );
|
||||
push @{ $res->[1] },
|
||||
'Content-Security-Policy' => $self->csp,
|
||||
'X-Content-Type-Options' => 'nosniff',
|
||||
'X-Frame-Options' => 'DENY',
|
||||
'X-XSS-Protection' => '1; mode=block';
|
||||
return $res;
|
||||
}
|
||||
|
||||
1;
|
||||
__END__
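Review bot: The host extraction in the init hunk, `$portal =~ s#htts?://([^/])*.*#$1#;`, does not produce the value the CSP needs: `htts?://` matches neither `http://` nor `https://`, and the `*` sits outside the capture, so on the rare match `$1` holds only the last character of the host. For a normal `$conf->{portal}` the substitution is a no-op and the whole URL, path included, is interpolated into `img-src`, while a missing portal setting gives an uninitialized-value warning and an empty source; a `;` in the setting would also split the directive. Something like `my $portal = $conf->{portal} // ''; $portal =~ s{\A https?:// ([^/]*) .* \z}{$1}xms;` keeps just the host (and port) that the sendHtml hunk later in this file sends; `init` continues outside the hunk. A short comment on `has csp`, such as `# Manager-wide Content-Security-Policy string, built in init() and emitted by sendHtml()`, would also help, since the attribute is read in a different method from the one that sets it.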
|
||||
|
||||
|
|
|
@ -45,7 +45,7 @@ sub mkSessionArray {
|
|||
foreach my $session (@$sessions) {
|
||||
$tmp .= "<tr>";
|
||||
$tmp .= "<td>$session->{user}</td>" if ($displayUser);
|
||||
$tmp .= qq'<td localtime="$session->{_utime}"></td>";
|
||||
$tmp .= qq'<td localtime="$session->{_utime}"></td>';
|
||||
$tmp .= "<td>$session->{ipAddr}</td>";
|
||||
$tmp .= "<td>" . ( $session->{$_} || "" ) . "</td>"
|
||||
foreach ( keys %{ $self->{sessionDataToRemember} } );
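Review bot: The corrected line, `qq'<td localtime="$session->{_utime}"></td>'`, still interpolates session data straight into markup, as do the neighbouring `$session->{user}`, `$session->{ipAddr}` and `sessionDataToRemember` cells, with no HTML escaping. `_utime` is presumably a server-set timestamp, but whether `user` or the remembered attributes can carry markup depends on the session backend and is worth checking before this table is rendered. If the file has no escaping helper in scope, passing each interpolated value through one (HTML::Entities' `encode_entities`, for example) would close that; the `foreach` body runs past the hunk.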
|
||||
|
|
|
@ -674,7 +674,8 @@ sub _dump {
|
|||
|
||||
sub sendHtml {
|
||||
my ( $self, $req, $template, %args ) = @_;
|
||||
push @{ $req->respHeaders },
|
||||
my $res = $self->SUPER::sendHtml( $req, $template, %args );
|
||||
push @{ $res->[1] },
|
||||
'X-XSS-Protection' => '1; mode=block',
|
||||
'X-Content-Type-Options' => 'nosniff';
|
||||
|
||||
|
@ -692,7 +693,7 @@ sub sendHtml {
|
|||
|
||||
# Deny using portal in frame except if it is required
|
||||
unless ( $req->frame or $self->conf->{portalAntiFrame} == 0 ) {
|
||||
push @{ $req->respHeaders }, 'X-Frame-Options' => 'DENY';
|
||||
push @{ $res->[1] }, 'X-Frame-Options' => 'DENY';
|
||||
$csp .= "frame-ancestors 'none';";
|
||||
}
|
||||
|
||||
|
@ -707,9 +708,8 @@ sub sendHtml {
|
|||
}
|
||||
|
||||
# Set CSP header
|
||||
push @{ $req->respHeaders }, 'Content-Security-Policy' => $csp;
|
||||
|
||||
return $self->SUPER::sendHtml( $req, $template, %args );
|
||||
push @{ $res->[1] }, 'Content-Security-Policy' => $csp;
|
||||
return $res;
|
||||
}
|
||||
|
||||
sub rebuildCookies {
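Review bot: In the first hunk of this file, `push @{ $res->[1] }, ...` assumes the parent's sendHtml returns the array form of a PSGI response; if it can ever return a code reference (delayed response), the dereference dies rather than skipping the headers. The `X-Frame-Options` and `Content-Security-Policy` pushes in the later hunks rest on the same assumption, so one check after the `SUPER::sendHtml` call would cover all three if that case is possible — presumably it is not, but worth confirming. Since these headers were previously queued on `$req->respHeaders` and now go to a different list, a comment at the top of the sub, such as `# Security headers are appended to the PSGI header arrayref returned by SUPER::sendHtml, after the response is built`, would make the changed contract visible; the middle of sendHtml lies outside the hunks shown.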
|
||||
|
|