admin/ludikevent_crm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(ansible/caddy): Met à jour la CSP et les en-têtes de sécurité pour plus de clarté et de conformité.

Browse Source
This commit is contained in:
Serreau Jovann
2026-01-15 20:13:45 +01:00
parent fea3e7ba32
commit 2aa0ce5c1e
1 changed files with 4 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
ansible/templates/caddy.j2
View File

@@ -10,31 +10,22 @@ intranet.ludikevent.fr, signature.ludikevent.fr {
max_size 100MB
}
# --- BLOC HEADER AVEC CSP ---
header {
# Empêche l'indexation
X-Robots-Tag "noindex, nofollow, nosnippet, noarchive"
# Content Security Policy (CSP) complète
# Ajout de Cloudflare Insights pour le monitoring de performance
Content-Security-Policy "default-src 'self'; \
script-src 'self' 'unsafe-inline' https://sentry.esy-web.dev https://chat.esy-web.dev https://auth.esy-web.dev https://static.cloudflareinsights.com; \
connect-src 'self' https://sentry.esy-web.dev https://chat.esy-web.dev https://auth.esy-web.dev https://cloudflareinsights.com; \
frame-src 'self' https://chat.esy-web.dev https://auth.esy-web.dev; \
style-src 'self' 'unsafe-inline' https://chat.esy-web.dev; \
img-src 'self' data: https://chat.esy-web.dev; \
font-src 'self' data:; \
frame-ancestors 'none';"
# CSP sur une seule ligne pour éviter tout problème d'interprétation par Caddy
Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' https://sentry.esy-web.dev https://chat.esy-web.dev https://auth.esy-web.dev https://static.cloudflareinsights.com; connect-src 'self' https://sentry.esy-web.dev https://chat.esy-web.dev https://auth.esy-web.dev https://cloudflareinsights.com; frame-src 'self' https://chat.esy-web.dev https://auth.esy-web.dev; style-src 'self' 'unsafe-inline' https://chat.esy-web.dev; img-src 'self' data: https://chat.esy-web.dev; font-src 'self' data:; frame-ancestors 'none';"
# Autres headers de sécurité
Permissions-Policy "accelerometer=(), autoplay=(), camera=(), clipboard-write=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), usb=(), vr=(), screen-wake-lock=(), xr-spatial-tracking=(), bluetooth=(), ambient-light-sensor=(), battery=(), gamepad=(), notifications=(), push=()"
X-Content-Type-Options "nosniff"
X-Frame-Options "DENY"
Referrer-Policy "strict-origin-when-cross-origin"
}
php_fastcgi unix//run/php/php8.3-fpm.sock {
read_timeout 300s
write_timeout 300s
dial_timeout 100s
env HTTP_PROXY ""
}
}