[WP] Add CSP and Content-Type-Options headers
We do this more reliably on HAProxy, as doing it from WP requires specialised plugins, and in DD we are sure that traffic goes through the corresponding HAProxy backend.
GON-3874-DD-moodle
parent
08ed2bb1bb
commit
740f799b9c
@ -48,9 +48,9 @@ backend be_oof
backend be_wp
backend be_wp
mode http
mode http
# Add security headers here, as WP is a tad of a pain to setup
http-request set-header X-SSL %[ssl_fc]
http-response set-header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data: *; style-src 'self' 'unsafe-inline' data: fonts.googleapis.com maxcdn.bootstrapcdn.com; font-src 'self' data: fonts.gstatic.com maxcdn.bootstrapcdn.com"
http-request set-header X-Forwarded-Proto https
http-response set-header X-Content-Type-Options "nosniff"
server wp dd-apps-wordpress:80 check port 80 inter 5s rise 2 fall 10 resolvers mydns init-addr none
server wp dd-apps-wordpress:80 check port 80 inter 5s rise 2 fall 10 resolvers mydns init-addr none
#
#
# END: backends.cnf
# END: backends.cnf
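Review bot: The CSP added on the Content-Security-Policy line leaves clickjacking uncovered, because frame-ancestors does not fall back to default-src; appending `; frame-ancestors 'self'` to the policy (or setting an X-Frame-Options header next to the nosniff one) would close that gap. With `script-src 'self' 'unsafe-inline' 'unsafe-eval'` the script policy offers little protection against injected scripts, which is presumably a WordPress/plugin constraint and deserves recording in the comment above it, e.g. `# script-src allows unsafe-inline/unsafe-eval because WP and its plugins need them; this CSP mainly restricts external origins`. Since set-header overwrites any CSP the application itself emits, consider shipping it as Content-Security-Policy-Report-Only first, or adding a report-uri, so blocked resources surface before they break pages. In img-src the `*` already matches every host, so `'self'` there is redundant (data: still needs to be listed explicitly).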
@ -12,6 +12,9 @@
http-request del-header X-Forwarded-Proto
http-request del-header X-Forwarded-Proto
# But add our forwarding headers instead
# But add our forwarding headers instead
option forwardfor
option forwardfor
# We are always doing TLS, except for redirections
http-request set-header X-SSL %[ssl_fc]
http-request set-header X-Forwarded-Proto https
# New line to test URI to see if its a letsencrypt request
# New line to test URI to see if its a letsencrypt request
acl letsencrypt-acl path_beg /.well-known/acme-challenge/
acl letsencrypt-acl path_beg /.well-known/acme-challenge/
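Review bot: The new `http-request set-header X-Forwarded-Proto https` is unconditional, which contradicts the comment above it about redirections: if this section also accepts plain HTTP (the letsencrypt acl on the following line suggests it may), those requests would be forwarded to the backend claiming they arrived over TLS. Deriving the value from the TLS state, `http-request set-header X-Forwarded-Proto https if { ssl_fc }` and `http-request set-header X-Forwarded-Proto http if !{ ssl_fc }`, keeps the header truthful and matches how X-SSL is already taken from ssl_fc. The preceding del-header already strips any client-supplied value, so the ordering relative to it is correct. The enclosing frontend/listen section starts outside the hunk.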