From 9fe5a57720cbd07ad56ae81fe979edbca50c06df Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico
Date: Mon, 24 Oct 2022 13:37:30 +0200
Subject: [PATCH] support content-security-policy.
---
 gcube-token-docker/nginx.default.conf.j2 | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
diff --git a/gcube-token-docker/nginx.default.conf.j2 b/gcube-token-docker/nginx.default.conf.j2
index 497ff17..8f60cad 100644
--- a/gcube-token-docker/nginx.default.conf.j2
+++ b/gcube-token-docker/nginx.default.conf.j2
@@ -22,6 +22,25 @@ server {
 client_max_body_size {{ docker_pep_max_body_size | default('100M') }};
+ {% if docker_pep_xss_protection | default(True) %}
+ proxy_hide_header X-XSS-Protection;
+ add_header X-XSS-Protection "1; mode=block;";
+ {% endif %}
+ {% if docker_pep_frame_origin | default(False) %}
+ proxy_hide_header X-Frame-Options;
+ add_header X-Frame-Options "{{ docker_pep_x_frame_options }}";
+ {% endif %}
+ {% if docker_pep_set_content_security_options | default(False) %}
+ proxy_hide_header Content-Security-Policy;
+ {% if docker_pep_disable_content_security_options | default(False) %}
+ add_header Content-Security-Policy "";
+ {% else %}
+ add_header Content-Security-Policy "frame-src{% for s in docker_pep_content_security_src_acl %} {{ s }}{% endfor %}; frame-ancestors{% for l in docker_pep_content_security_ancestor_acl %} {{ l }}{% endfor %};";
+ {% endif %}
+ {% endif %}
+
+ server_tokens off;
+
 proxy_http_version 1.1;
 proxy_set_header Connection "";
 proxy_set_header Host $http_host;
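Review bot: The new `add_header` directives are emitted without the `always` parameter, so nginx attaches X-XSS-Protection, X-Frame-Options and Content-Security-Policy only to 2xx/3xx responses and leaves error pages from the upstream unprotected; each should read like `add_header X-Frame-Options "{{ docker_pep_x_frame_options }}" always;`. The X-XSS-Protection value carries a trailing `;` (`"1; mode=block;"`) that is not part of the documented syntax, and current browsers ignore this header anyway, so it is worth confirming it is still wanted rather than relying on the CSP alone. `docker_pep_x_frame_options` has no `default()` while its guard `docker_pep_frame_origin` does, so an unset variable renders an empty header value after the upstream header has already been hidden by `proxy_hide_header`, which silently removes the framing protection instead of enforcing one; the same applies to the CSP branch when either ACL list is empty, where `frame-src;` with no sources is equivalent to `'none'` and may not be what the operator intended. Note also that nginx does not inherit server-level `add_header` directives into any `location` block that defines its own `add_header`; the rest of the `server` block lies outside the hunk, so that cannot be checked here.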