Csp: set header only for static and get requests

config/nginx/onlyoffice.conf

@@ -91,30 +91,6 @@ server {
 	proxy_set_header Proxy "";
 		
 	
-	set $csp "";
-	access_by_lua '
-		local key = string.format("csp:%s",ngx.var.host)
-		local redis = require "resty.redis"
-		local red = redis:new()
-		local redis_host = "127.0.0.1"
-		local redis_port = 6379
-
-		red:set_timeout(1000) -- 1 second
-
-		local ok, err = red:connect(redis_host, redis_port)
-		if not ok then
-			ngx.log(ngx.ERR, "failed to connect to redis: ", err)
-		end
-
-		local csp, err = red:hget(key, "data")
-		
-		if csp == ngx.null then
-			ngx.log(ngx.ERR, "failed to get redis key: ", err)
-		else
-			ngx.header.Content_Security_Policy = csp
-		end
-	';
-	
 	location ~* ^/ds-vpath/ {
 		rewrite /ds-vpath/(.*) /$1  break;
 
@@ -136,6 +112,31 @@ server {
 	}
 	
 	location / {
+		set $csp "";
+	access_by_lua '
+	if ngx.req.get_method() == "GET" then
+		local key = string.format("csp:%s",ngx.var.host)
+		local redis = require "resty.redis"
+		local red = redis:new()
+		local redis_host = "127.0.0.1"
+		local redis_port = 6379
+
+		red:set_timeout(1000) -- 1 second
+
+		local ok, err = red:connect(redis_host, redis_port)
+		if not ok then
+			ngx.log(ngx.ERR, "failed to connect to redis: ", err)
+		end
+
+		local csp, err = red:hget(key, "data")
+		
+		if csp == ngx.null then
+			ngx.log(ngx.ERR, "failed to get redis key: ", err)
+		else
+			ngx.header.Content_Security_Policy = csp
+		end
+	end
+	';
 		proxy_pass http://127.0.0.1:5001;
 		location ~* /(manifest.json|sw.js|appIcon(.)*\.png|icon.svg|bg-error.png|favicon.ico|debuginfo.md) {
 			try_files /$basename /index.html =404;