From 65049a09b557e2baf99ed72d1b9096c19fc04e94 Mon Sep 17 00:00:00 2001 From: xeruf <27jf@pm.me> Date: Wed, 10 Apr 2024 15:12:14 +0200 Subject: [PATCH] Allow iframing from Nextcloud for more apps again --- .../forgejo/forgejo-values-configmap.yaml | 4 ++- .../invoiceninja-values-configmap.yaml | 2 +- .../zammad/zammad-values-configmap.yaml | 2 ++ overrides/kustomization.yaml | 9 ------ overrides/stackspin-zulip-override.yaml | 30 +++++++++++++++++-- 5 files changed, 33 insertions(+), 14 deletions(-) delete mode 100644 overrides/kustomization.yaml diff --git a/apps/forge/forgejo/forgejo-values-configmap.yaml b/apps/forge/forgejo/forgejo-values-configmap.yaml index 2900eb8..21dec41 100644 --- a/apps/forge/forgejo/forgejo-values-configmap.yaml +++ b/apps/forge/forgejo/forgejo-values-configmap.yaml @@ -10,6 +10,8 @@ data: annotations: kubernetes.io/tls-acme: "true" nginx.ingress.kubernetes.io/proxy-body-size: "5g" + nginx.ingress.kubernetes.io/configuration-snippet: | + more_set_headers "Content-Security-Policy: frame-ancestors 'self' files.${domain}"; hosts: - host: "${forgejo_domain}" paths: @@ -84,7 +86,7 @@ data: cors: ENABLED: true SCHEME: "https" - ALLOW_DOMAIN: "files.ftt.gmbh" + ALLOW_DOMAIN: "files.${domain}" ALLOW_CREDENTIALS: true # log: # LEVEL: "Debug" diff --git a/apps/ninja/invoiceninja/invoiceninja-values-configmap.yaml b/apps/ninja/invoiceninja/invoiceninja-values-configmap.yaml index 0c49dae..a171077 100644 --- a/apps/ninja/invoiceninja/invoiceninja-values-configmap.yaml +++ b/apps/ninja/invoiceninja/invoiceninja-values-configmap.yaml @@ -17,7 +17,7 @@ data: certManager: true annotations: nginx.ingress.kubernetes.io/configuration-snippet: | - more_set_headers "Content-Security-Policy: frame-ancestors 'self' ${nextcloud_domain}"; + more_set_headers "Content-Security-Policy: frame-ancestors 'self' files.${domain}"; commonLabels: stackspin.net/backupSet: "invoiceninja" podLabels: diff --git a/apps/support/zammad/zammad-values-configmap.yaml b/apps/support/zammad/zammad-values-configmap.yaml index a4383b9..7bd3d82 100644 --- a/apps/support/zammad/zammad-values-configmap.yaml +++ b/apps/support/zammad/zammad-values-configmap.yaml @@ -18,6 +18,8 @@ data: enabled: true annotations: kubernetes.io/tls-acme: "true" + nginx.ingress.kubernetes.io/configuration-snippet: | + more_set_headers "Content-Security-Policy: frame-ancestors 'self' files.${domain}"; hosts: - host: "${zammad_domain}" paths: diff --git a/overrides/kustomization.yaml b/overrides/kustomization.yaml deleted file mode 100644 index 805616c..0000000 --- a/overrides/kustomization.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - #- stackspin-zulip-override.yaml # no push notifications for now - - stackspin-nextcloud-override.yaml - - stackspin-nginx-ingress-override.yaml - - stackspin-apps-custom.yaml - - storageclass-retain.yaml - - source-controller-patch.yaml diff --git a/overrides/stackspin-zulip-override.yaml b/overrides/stackspin-zulip-override.yaml index 4e72c8c..5acc8ea 100644 --- a/overrides/stackspin-zulip-override.yaml +++ b/overrides/stackspin-zulip-override.yaml @@ -5,6 +5,30 @@ metadata: name: stackspin-zulip-override data: values.yaml: | - zulip: - environment: - SETTING_PUSH_NOTIFICATION_BOUNCER_URL: 'https://push.zulipchat.com' + ingress: + annotations: + nginx.ingress.kubernetes.io/configuration-snippet: | + more_set_headers "Content-Security-Policy: frame-ancestors 'self' files.${domain}"; + + #zulip: + # environment: + # SETTING_PUSH_NOTIFICATION_BOUNCER_URL: 'https://push.zulipchat.com' + ## https://github.com/zulip/docker-zulip/blob/main/kubernetes/chart/zulip/values.yaml + #ingress: + # enabled: true + # annotations: + # # Tell cert-manager to automatically get a TLS certificate + # kubernetes.io/tls-acme: "true" + # # Allow bigger uploads, for image and file attaching. + # # 25M is the default limit of Zulip itself, so we just follow that + # # suggestion here. If you want to increase this further, you'd have to + # # configure that limit in Zulip as well. + # nginx.ingress.kubernetes.io/proxy-body-size: "25m" + # hosts: + # - host: "${zulip_domain}" + # paths: + # - path: "/" + # tls: + # - hosts: + # - "${zulip_domain}" + # secretName: stackspin-zulip