From 0df508f53357f09d8eee8668687d7d5ef5636172 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicolas=20M=C3=A9rigot?=
Date: Thu, 1 Feb 2024 13:51:45 +0100
Subject: [PATCH] fix: add CSP with a ROOT trusted domain
---
 cms/config/middlewares.ts | 24 ++++++++++++++++++++++--
 docker-compose.e2e.yml | 4 +++-
 2 files changed, 25 insertions(+), 3 deletions(-)
diff --git a/cms/config/middlewares.ts b/cms/config/middlewares.ts
index 829f5c04df..c04616a5a9 100644
--- a/cms/config/middlewares.ts
+++ b/cms/config/middlewares.ts
@@ -1,9 +1,29 @@
 export default [
 'strapi::logger',
 'strapi::errors',
- 'strapi::security',
+ {
+ name: 'strapi::security',
+ config: {
+ contentSecurityPolicy: {
+ useDefaults: true,
+ directives: {
+ 'img-src': [
+ "'self'",
+ "data:",
+ "blob:",
+ `*.${process.env.TRUSTED_ROOT_DOMAIN}`,
+ ],
+ 'media-src': [
+ "'self'",
+ "data:",
+ "blob:",
+ `*.${process.env.TRUSTED_ROOT_DOMAIN}`,
+ ],
+ },
+ },
+ },
+ },
 'strapi::cors',
- 'strapi::poweredBy',
 'strapi::query',
 'strapi::body',
 'strapi::session',
diff --git a/docker-compose.e2e.yml b/docker-compose.e2e.yml
index 12e95e4fb9..0deaf61141 100644
--- a/docker-compose.e2e.yml
+++ b/docker-compose.e2e.yml
@@ -158,6 +158,8 @@ services:
 S3_ENDPOINT: http://s3:9000
 S3_REGION: fr-par
 S3_BUCKET: cms
+ S3_PUBLIC_URL: https://cms.s3.covoiturage.test
+ TRUSTED_ROOT_DOMAIN: covoiturage.test
 labels:
 - 'traefik.enable=true'
 - 'traefik.http.routers.api.rule=Host(`cms.covoiturage.test`)'
@@ -221,7 +223,7 @@ services:
 MINIO_DOMAIN: s3.covoiturage.test
 labels:
 - 'traefik.enable=true'
- - 'traefik.http.routers.s3.rule=Host(`s3.covoiturage.test`, `local-pdc-export.s3.covoiturage.test`, `download.covoiturage.test`)'
+ - 'traefik.http.routers.s3.rule=Host(`s3.covoiturage.test`, `local-pdc-export.s3.covoiturage.test`, `download.covoiturage.test`, `cms.s3.covoiturage.test`)'
 - 'traefik.http.routers.s3.entrypoints=websecure'
 - 'traefik.http.routers.s3.tls=true'
 - 'traefik.http.services.s3.loadbalancer.server.port=9000'
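Review bot: The two template sources added to `'img-src'` and `'media-src'` interpolate `process.env.TRUSTED_ROOT_DOMAIN` without checking that it is set, so an environment lacking the variable (this diff only defines it in docker-compose.e2e.yml) silently ships `*.undefined` in the policy and every image or media file served from the real domain is blocked with no startup error. Reading the variable once and failing fast at module load is the safer shape and also removes the duplicated source list; a comment next to the literal should also say that a CSP host-source of the form `*.<root>` matches subdomains only, never the apex domain itself. The wildcard is tolerable here because `img-src` and `media-src` cannot load executable content, so the same pattern should not be copied into `script-src` or `connect-src`. The `export default [` array continues past the end of the hunk.
```typescript
const trustedRootDomain = process.env.TRUSTED_ROOT_DOMAIN;
if (!trustedRootDomain) {
  // fail fast: an unset value would otherwise produce a "*.undefined" source
  throw new Error('TRUSTED_ROOT_DOMAIN must be set to build the Content-Security-Policy');
}
// "*.<root>" matches subdomains only; the apex domain is not covered
const trustedAssetSources = ["'self'", "data:", "blob:", `*.${trustedRootDomain}`];

export default [
  // … unchanged: 'strapi::logger', 'strapi::errors' …
  {
    name: 'strapi::security',
    config: {
      contentSecurityPolicy: {
        useDefaults: true,
        directives: {
          'img-src': trustedAssetSources,
          'media-src': trustedAssetSources,
        },
      },
    },
  },
  // … unchanged: 'strapi::cors', 'strapi::query', 'strapi::body', 'strapi::session' …
```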