Mercurial > repos > other > Puppet

diff modules/website/manifests/init.pp @ 410:575764c36e16

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Setup CSP Nonce on the server
author IBBoard <dev@ibboard.co.uk>
date Sat, 08 Oct 2022 12:08:50 +0100
parents df5ad1612af7
children a08a2f718f9d
line wrap: on
line diff
--- a/modules/website/manifests/init.pp	Wed May 25 20:54:03 2022 +0100
+++ b/modules/website/manifests/init.pp	Sat Oct 08 12:08:50 2022 +0100
@@ -22,13 +22,17 @@
   $filterfragment = "Include conf.custom/filter.conf"
   $cmsfragment = "Include conf.extra/cms_rewrites.conf"
 
-  $csp_base = {"frame-ancestors" => "'none'", "base-uri" => "'none'"}
+  $csp_base = {
+    "frame-ancestors" => "'none'",
+    "base-uri" => "'none'",
+    "object-src" => "'none'",
+  }
   $csp_report_base = {
     "default-src" => "'none'",
     "img-src" => "'self'",
-    "script-src" => "'self'",
-    "style-src" => "'self'",
-    "font-src" => "'self'"
+    "script-src" => "'self' 'nonce-%{CSP_NONCE}e'",
+    "style-src" => "'self' 'nonce-%{CSP_NONCE}e'",
+    "font-src" => "'self' 'nonce-%{CSP_NONCE}e'"
   }
 
   if $osfamily == 'RedHat' {