Allow iframing from Nextcloud for more apps again

2024-04-10 15:12:14 +02:00 · 2024-04-10 15:12:14 +02:00 · 65049a09b5
parent 0ac0a6eeb2
commit 65049a09b5
5 changed files with 33 additions and 14 deletions
--- a/apps/forge/forgejo/forgejo-values-configmap.yaml
+++ b/apps/forge/forgejo/forgejo-values-configmap.yaml
@ -10,6 +10,8 @@ data:
      annotations:
        kubernetes.io/tls-acme: "true"
        nginx.ingress.kubernetes.io/proxy-body-size: "5g"
+        nginx.ingress.kubernetes.io/configuration-snippet: |
+          more_set_headers "Content-Security-Policy: frame-ancestors 'self' files.${domain}";
      hosts:
        - host: "${forgejo_domain}"
          paths:
@ -84,7 +86,7 @@ data:
        cors:
          ENABLED: true
          SCHEME: "https"
-          ALLOW_DOMAIN: "files.ftt.gmbh"
+          ALLOW_DOMAIN: "files.${domain}"
          ALLOW_CREDENTIALS: true
        # log:
          # LEVEL: "Debug"
--- a/apps/ninja/invoiceninja/invoiceninja-values-configmap.yaml
+++ b/apps/ninja/invoiceninja/invoiceninja-values-configmap.yaml
@ -17,7 +17,7 @@ data:
      certManager: true
      annotations:
        nginx.ingress.kubernetes.io/configuration-snippet: |
-          more_set_headers "Content-Security-Policy: frame-ancestors 'self' ${nextcloud_domain}";
+          more_set_headers "Content-Security-Policy: frame-ancestors 'self' files.${domain}";
    commonLabels:
      stackspin.net/backupSet: "invoiceninja"
    podLabels:
--- a/apps/support/zammad/zammad-values-configmap.yaml
+++ b/apps/support/zammad/zammad-values-configmap.yaml
@ -18,6 +18,8 @@ data:
      enabled: true
      annotations:
        kubernetes.io/tls-acme: "true"
+        nginx.ingress.kubernetes.io/configuration-snippet: |
+          more_set_headers "Content-Security-Policy: frame-ancestors 'self' files.${domain}";
      hosts:
        - host: "${zammad_domain}"
          paths:
--- a/overrides/kustomization.yaml
+++ b/overrides/kustomization.yaml
@ -1,9 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-  #- stackspin-zulip-override.yaml # no push notifications for now
-  - stackspin-nextcloud-override.yaml
-  - stackspin-nginx-ingress-override.yaml
-  - stackspin-apps-custom.yaml
-  - storageclass-retain.yaml
-  - source-controller-patch.yaml
--- a/overrides/stackspin-zulip-override.yaml
+++ b/overrides/stackspin-zulip-override.yaml
@ -5,6 +5,30 @@ metadata:
  name: stackspin-zulip-override
 data:
  values.yaml: |
-    zulip:
-      environment:
-        SETTING_PUSH_NOTIFICATION_BOUNCER_URL: 'https://push.zulipchat.com'
+    ingress:
+      annotations:
+        nginx.ingress.kubernetes.io/configuration-snippet: |
+          more_set_headers "Content-Security-Policy: frame-ancestors 'self' files.${domain}";
+
+    #zulip:
+    #  environment:
+    #    SETTING_PUSH_NOTIFICATION_BOUNCER_URL: 'https://push.zulipchat.com'
+    ## https://github.com/zulip/docker-zulip/blob/main/kubernetes/chart/zulip/values.yaml
+    #ingress:
+    #  enabled: true
+    #  annotations:
+    #    # Tell cert-manager to automatically get a TLS certificate
+    #    kubernetes.io/tls-acme: "true"
+    #    # Allow bigger uploads, for image and file attaching.
+    #    # 25M is the default limit of Zulip itself, so we just follow that
+    #    # suggestion here. If you want to increase this further, you'd have to
+    #    # configure that limit in Zulip as well.
+    #    nginx.ingress.kubernetes.io/proxy-body-size: "25m"
+    #  hosts:
+    #    - host: "${zulip_domain}"
+    #      paths:
+    #        - path: "/"
+    #  tls:
+    #    - hosts:
+    #        - "${zulip_domain}"
+    #      secretName: stackspin-zulip