
Commit cdba43c

committed
Configure headers
1 parent 2f9cd74 commit cdba43c


2 files changed

+13
-13
lines changed


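--- a/.werft/values.dev.yaml
+++ b/.werft/values.dev.yaml
@@ -8,11 +8,7 @@ hostname: staging.gitpod-dev.com
 imagePrefix: eu.gcr.io/gitpod-core-dev/build/
 certificatesSecret:
 secretName: proxy-config-certificates
-fullChainName: tls.crt
-chainName: tls.crt
-keyName: tls.key
 version: not-set
-forceHTTPS: false
 imagePullPolicy: Always
 affinity:
 nodeAffinity: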

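--- a/components/proxy/conf/Caddyfile
+++ b/components/proxy/conf/Caddyfile
@@ -28,7 +28,7 @@
 # disable clients from sniffing the media type
 X-Content-Type-Options nosniff
 # Define valid parents that may embed a page
-Content-Security-Policy frame-ancestors 'self' https://*.{$GITPOD_DOMAIN} https://{$GITPOD_DOMAIN}
+Content-Security-Policy "frame-ancestors self https://*.{$GITPOD_DOMAIN} https://{$GITPOD_DOMAIN}"
 # keep referrer data off of HTTP connections
 Referrer-Policy no-referrer-when-downgrade
 # Enable cross-site filter (XSS) and tell browser to block detected attacks
@@ -40,9 +40,17 @@
 
 (enable_log) {
 log {
-output stdout
-format json {
-time_format rfc3339
+output discard
+format filter {
+wrap json
+fields {
+logger delete
+msg delete
+size delete
+status delete
+resp_headers delete
+request delete
+}
 }
 }
 }
@@ -104,6 +112,7 @@ https://{$GITPOD_DOMAIN} {
 import enable_log
 import remove_server_header
 import ssl_configuration
+import security_headers
 
 @workspace_download path /workspace-download*
 handle @workspace_download {
@@ -148,7 +157,6 @@ https://{$GITPOD_DOMAIN} {
 base_domain {$GITPOD_DOMAIN}
 }
 
-import security_headers
 import compression
 
 uri strip_prefix /api
@@ -164,7 +172,6 @@ https://{$GITPOD_DOMAIN} {
 base_domain {$GITPOD_DOMAIN}
 }
 
-import security_headers
 import compression
 
 reverse_proxy server.{$KUBE_NAMESPACE}.{$KUBE_DOMAIN}:3000 {
@@ -177,7 +184,6 @@ https://{$GITPOD_DOMAIN} {
 
 @to_server path /auth/github/callback /auth /auth/* /apps /apps/*
 handle @to_server {
-import security_headers
 import compression
 
 reverse_proxy server.{$KUBE_NAMESPACE}.{$KUBE_DOMAIN}:3000 {
@@ -187,8 +193,6 @@ https://{$GITPOD_DOMAIN} {
 }
 
 handle {
-import security_headers
-
 reverse_proxy dashboard.{$KUBE_NAMESPACE}.{$KUBE_DOMAIN}:3001 {
 import upstream_headers
 import upstream_connection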
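Review bot: The CSP value on new line 31 drops the single quotes around `self`, so browsers will read it as a host-source for a host literally named "self" rather than as the same-origin keyword. Wrapping the value in double quotes is the right fix for Caddy's argument splitting, but single quotes inside a double-quoted Caddyfile token are kept literally, so both can coexist: `Content-Security-Policy "frame-ancestors 'self' https://*.{$GITPOD_DOMAIN} https://{$GITPOD_DOMAIN}"`. The two explicit https sources probably still cover the site's own origin, so the visible effect may be small, but the policy no longer says what the comment above it intends. The enclosing header block (presumably the `security_headers` snippet) starts and ends outside the hunk.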
