From d875c6ed1e3ecd8b6adec65eb2ddc60555215ee8 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Thu, 4 Nov 2021 14:23:53 +0100 Subject: [PATCH] Try to be iframe friendly. --- defaults/main.yml | 1 + templates/nginx.default.conf.j2 | 56 +++++---------------------------- 2 files changed, 9 insertions(+), 48 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 106802c..4c747f3 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -26,6 +26,7 @@ inception_project_disable_crsf: True # In seconds inception_project_backup_keep_time: 0 inception_pep: True +inception_project_pep_allow_iframe: True inception_authz_audience_name: inception keycloak_auth_server: https://localhost #keycloak_auth_credentials_prod: 'use a vault file' diff --git a/templates/nginx.default.conf.j2 b/templates/nginx.default.conf.j2 index 957cb89..cc6bbbb 100644 --- a/templates/nginx.default.conf.j2 +++ b/templates/nginx.default.conf.j2 @@ -23,12 +23,17 @@ server { proxy_set_header Connection $connection_upgrade; {% endif %} +{% if inception_project_pep_allow_iframe %} + proxy_hide_header X-Frame-Options; + add_header X-Frame-Options ""; +{% endif %} + proxy_buffering off; # Required for HTTP-based CLI to work over SSL + # Required for new HTTP-based CLI + proxy_request_buffering off; + location /wicket/resource/ { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; - # Required for new HTTP-based CLI - proxy_request_buffering off; - proxy_buffering off; # Required for HTTP-based CLI to work over SSL proxy_set_header Connection ""; # Clear for keepalive proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $host; @@ -44,8 +49,6 @@ server { location /telemetry.html { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; - # Required for new HTTP-based CLI - proxy_request_buffering off; proxy_buffering off; # Required for HTTP-based CLI to work over SSL proxy_set_header Connection ""; # Clear for keepalive proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; @@ -62,9 +65,6 @@ server { location ~ /telemetry.html.* { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; - # Required for new HTTP-based CLI - proxy_request_buffering off; - proxy_buffering off; # Required for HTTP-based CLI to work over SSL proxy_set_header Connection ""; # Clear for keepalive proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $host; @@ -80,9 +80,6 @@ server { location /projects.html { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; - # Required for new HTTP-based CLI - proxy_request_buffering off; - proxy_buffering off; # Required for HTTP-based CLI to work over SSL proxy_set_header Connection ""; # Clear for keepalive proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $host; @@ -98,9 +95,6 @@ server { location ~ /projects.html.* { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; - # Required for new HTTP-based CLI - proxy_request_buffering off; - proxy_buffering off; # Required for HTTP-based CLI to work over SSL proxy_set_header Connection ""; # Clear for keepalive proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $host; @@ -113,13 +107,9 @@ server { proxy_pass http://_inception-server; } - location /users.html { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; - # Required for new HTTP-based CLI - proxy_request_buffering off; - proxy_buffering off; # Required for HTTP-based CLI to work over SSL proxy_set_header Connection ""; # Clear for keepalive proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $host; @@ -135,9 +125,6 @@ server { location ~ /users.html.* { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; - # Required for new HTTP-based CLI - proxy_request_buffering off; - proxy_buffering off; # Required for HTTP-based CLI to work over SSL proxy_set_header Connection ""; # Clear for keepalive proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $host; @@ -153,9 +140,6 @@ server { location ~ /de\.tudarmstadt\.ukp\.inception.* { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; - # Required for new HTTP-based CLI - proxy_request_buffering off; - proxy_buffering off; # Required for HTTP-based CLI to work over SSL proxy_set_header Connection ""; # Clear for keepalive proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $host; @@ -171,9 +155,6 @@ server { location /p/ { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; - # Required for new HTTP-based CLI - proxy_request_buffering off; - proxy_buffering off; # Required for HTTP-based CLI to work over SSL proxy_set_header Connection ""; # Clear for keepalive proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $host; @@ -189,9 +170,6 @@ server { location /manage/ { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; - # Required for new HTTP-based CLI - proxy_request_buffering off; - proxy_buffering off; # Required for HTTP-based CLI to work over SSL proxy_set_header Connection ""; # Clear for keepalive proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $host; @@ -207,9 +185,6 @@ server { location /admin/ { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; - # Required for new HTTP-based CLI - proxy_request_buffering off; - proxy_buffering off; # Required for HTTP-based CLI to work over SSL proxy_set_header Connection ""; # Clear for keepalive proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $host; @@ -225,9 +200,6 @@ server { location /favicon.ico { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; - # Required for new HTTP-based CLI - proxy_request_buffering off; - proxy_buffering off; # Required for HTTP-based CLI to work over SSL proxy_set_header Connection ""; # Clear for keepalive proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $host; @@ -243,9 +215,6 @@ server { location /favicon.png { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; - # Required for new HTTP-based CLI - proxy_request_buffering off; - proxy_buffering off; # Required for HTTP-based CLI to work over SSL proxy_set_header Connection ""; # Clear for keepalive proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $host; @@ -261,9 +230,6 @@ server { location /spinner.gif { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; - # Required for new HTTP-based CLI - proxy_request_buffering off; - proxy_buffering off; # Required for HTTP-based CLI to work over SSL proxy_set_header Connection ""; # Clear for keepalive proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $host; @@ -279,9 +245,6 @@ server { location /images/ { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; - # Required for new HTTP-based CLI - proxy_request_buffering off; - proxy_buffering off; # Required for HTTP-based CLI to work over SSL proxy_set_header Connection ""; # Clear for keepalive proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $host; @@ -301,9 +264,6 @@ server { location @backend { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; - # Required for new HTTP-based CLI - proxy_request_buffering off; - proxy_buffering off; # Required for HTTP-based CLI to work over SSL proxy_set_header Connection ""; # Clear for keepalive proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $host;