Csp: set header only for static and get requests
This commit is contained in:
parent
d39cb60c38
commit
dc31122bb3
@ -91,30 +91,6 @@ server {
|
|||||||
proxy_set_header Proxy "";
|
proxy_set_header Proxy "";
|
||||||
|
|
||||||
|
|
||||||
set $csp "";
|
|
||||||
access_by_lua '
|
|
||||||
local key = string.format("csp:%s",ngx.var.host)
|
|
||||||
local redis = require "resty.redis"
|
|
||||||
local red = redis:new()
|
|
||||||
local redis_host = "127.0.0.1"
|
|
||||||
local redis_port = 6379
|
|
||||||
|
|
||||||
red:set_timeout(1000) -- 1 second
|
|
||||||
|
|
||||||
local ok, err = red:connect(redis_host, redis_port)
|
|
||||||
if not ok then
|
|
||||||
ngx.log(ngx.ERR, "failed to connect to redis: ", err)
|
|
||||||
end
|
|
||||||
|
|
||||||
local csp, err = red:hget(key, "data")
|
|
||||||
|
|
||||||
if csp == ngx.null then
|
|
||||||
ngx.log(ngx.ERR, "failed to get redis key: ", err)
|
|
||||||
else
|
|
||||||
ngx.header.Content_Security_Policy = csp
|
|
||||||
end
|
|
||||||
';
|
|
||||||
|
|
||||||
location ~* ^/ds-vpath/ {
|
location ~* ^/ds-vpath/ {
|
||||||
rewrite /ds-vpath/(.*) /$1 break;
|
rewrite /ds-vpath/(.*) /$1 break;
|
||||||
|
|
||||||
@ -136,6 +112,31 @@ server {
|
|||||||
}
|
}
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
|
set $csp "";
|
||||||
|
access_by_lua '
|
||||||
|
if ngx.req.get_method() == "GET" then
|
||||||
|
local key = string.format("csp:%s",ngx.var.host)
|
||||||
|
local redis = require "resty.redis"
|
||||||
|
local red = redis:new()
|
||||||
|
local redis_host = "127.0.0.1"
|
||||||
|
local redis_port = 6379
|
||||||
|
|
||||||
|
red:set_timeout(1000) -- 1 second
|
||||||
|
|
||||||
|
local ok, err = red:connect(redis_host, redis_port)
|
||||||
|
if not ok then
|
||||||
|
ngx.log(ngx.ERR, "failed to connect to redis: ", err)
|
||||||
|
end
|
||||||
|
|
||||||
|
local csp, err = red:hget(key, "data")
|
||||||
|
|
||||||
|
if csp == ngx.null then
|
||||||
|
ngx.log(ngx.ERR, "failed to get redis key: ", err)
|
||||||
|
else
|
||||||
|
ngx.header.Content_Security_Policy = csp
|
||||||
|
end
|
||||||
|
end
|
||||||
|
';
|
||||||
proxy_pass http://127.0.0.1:5001;
|
proxy_pass http://127.0.0.1:5001;
|
||||||
location ~* /(manifest.json|sw.js|appIcon(.)*\.png|icon.svg|bg-error.png|favicon.ico|debuginfo.md) {
|
location ~* /(manifest.json|sw.js|appIcon(.)*\.png|icon.svg|bg-error.png|favicon.ico|debuginfo.md) {
|
||||||
try_files /$basename /index.html =404;
|
try_files /$basename /index.html =404;
|
||||||
|
Loading…
Reference in New Issue
Block a user