changeset 254:5a903aa91469

Change header types and add module to fix NextCloud header checks We had SetEnvIf but not a standard Env "Header always set" and "Header set" are not the same and result in concatenated values
author IBBoard <dev@ibboard.co.uk>
date Sun, 29 Dec 2019 12:25:14 +0000
parents 5abf76953360
children d4b2bdfe47a6
files modules/website/manifests/init.pp modules/website/templates/https_core_conf.erb
diffstat 2 files changed, 7 insertions(+), 4 deletions(-) [+]
line wrap: on
line diff
--- a/modules/website/manifests/init.pp	Wed Dec 25 12:04:26 2019 +0000
+++ b/modules/website/manifests/init.pp	Sun Dec 29 12:25:14 2019 +0000
@@ -48,7 +48,10 @@
   }
   apache::mod {
     'rewrite':;
-    'expires':; 'setenvif':; 'headers':;
+    'expires':;
+    'env':;
+    'setenvif':;
+    'headers':;
     'version':;
   }
 
--- a/modules/website/templates/https_core_conf.erb	Wed Dec 25 12:04:26 2019 +0000
+++ b/modules/website/templates/https_core_conf.erb	Sun Dec 29 12:25:14 2019 +0000
@@ -1,9 +1,9 @@
 Header always set Strict-Transport-Security "max-age=16070400; includeSubDomains"
 Header always set Content-Security-Policy "upgrade-insecure-requests; <%= @csp_string %>"
 Header always set Content-Security-Policy-Report-Only "<%= @csp_report_string %>"
-Header set X-Xss-Protection "1; mode=block"
-Header set X-Content-Type-Options "nosniff"
-Header set X-Frame-Options "SAMEORIGIN"
+Header always set X-Xss-Protection "1; mode=block"
+Header always set X-Content-Type-Options "nosniff"
+Header always set X-Frame-Options "SAMEORIGIN"
 
 RewriteCond %{HTTP_HOST} !=<%= @primary_name %>
 RewriteRule ^(.*)$ https://<%= @primary_name %>$1 [R=301,L]