From 3ec803fadfea3991d30eb291cac7296ad09b85d8 Mon Sep 17 00:00:00 2001
From: elena <elena@tresipunt.com>
Date: Wed, 15 Feb 2023 13:22:06 +0000
Subject: [PATCH] wp can upload videos

---
 dd-sso/docker/haproxy/haproxy.cnf.parts/backends.cnf | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/dd-sso/docker/haproxy/haproxy.cnf.parts/backends.cnf b/dd-sso/docker/haproxy/haproxy.cnf.parts/backends.cnf
index d341b8f..67af545 100644
--- a/dd-sso/docker/haproxy/haproxy.cnf.parts/backends.cnf
+++ b/dd-sso/docker/haproxy/haproxy.cnf.parts/backends.cnf
@@ -48,9 +48,12 @@ backend be_oof
 
 backend be_wp
 	mode http
-	# Add security headers here, as WP is a tad of a pain to setup
-	http-response set-header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data: *; style-src 'self' 'unsafe-inline' data: fonts.googleapis.com maxcdn.bootstrapcdn.com; font-src 'self' data: fonts.gstatic.com maxcdn.bootstrapcdn.com"
-	http-response set-header X-Content-Type-Options "nosniff"
+	acl existing-x-forwarded-host req.hdr(X-Forwarded-Host) -m found
+	acl existing-x-forwarded-proto req.hdr(X-Forwarded-Proto) -m found
+	http-request add-header X-Forwarded-Host %[req.hdr(Host)] unless existing-x-forwarded-host
+	http-request add-header X-Forwarded-Proto https unless existing-x-forwarded-proto
+    http-request set-header X-SSL %[ssl_fc]
+    http-request set-header X-Forwarded-Proto https
 	server wp dd-apps-wordpress:80 check port 80 inter 5s rise 2 fall 10 resolvers mydns init-addr none
 #
 # END: backends.cnf