Csp: set header only for static and get requests
This commit is contained in:
parent
d39cb60c38
commit
dc31122bb3
@ -91,30 +91,6 @@ server {
|
||||
proxy_set_header Proxy "";
|
||||
|
||||
|
||||
set $csp "";
|
||||
access_by_lua '
|
||||
local key = string.format("csp:%s",ngx.var.host)
|
||||
local redis = require "resty.redis"
|
||||
local red = redis:new()
|
||||
local redis_host = "127.0.0.1"
|
||||
local redis_port = 6379
|
||||
|
||||
red:set_timeout(1000) -- 1 second
|
||||
|
||||
local ok, err = red:connect(redis_host, redis_port)
|
||||
if not ok then
|
||||
ngx.log(ngx.ERR, "failed to connect to redis: ", err)
|
||||
end
|
||||
|
||||
local csp, err = red:hget(key, "data")
|
||||
|
||||
if csp == ngx.null then
|
||||
ngx.log(ngx.ERR, "failed to get redis key: ", err)
|
||||
else
|
||||
ngx.header.Content_Security_Policy = csp
|
||||
end
|
||||
';
|
||||
|
||||
location ~* ^/ds-vpath/ {
|
||||
rewrite /ds-vpath/(.*) /$1 break;
|
||||
|
||||
@ -136,6 +112,31 @@ server {
|
||||
}
|
||||
|
||||
location / {
|
||||
set $csp "";
|
||||
access_by_lua '
|
||||
if ngx.req.get_method() == "GET" then
|
||||
local key = string.format("csp:%s",ngx.var.host)
|
||||
local redis = require "resty.redis"
|
||||
local red = redis:new()
|
||||
local redis_host = "127.0.0.1"
|
||||
local redis_port = 6379
|
||||
|
||||
red:set_timeout(1000) -- 1 second
|
||||
|
||||
local ok, err = red:connect(redis_host, redis_port)
|
||||
if not ok then
|
||||
ngx.log(ngx.ERR, "failed to connect to redis: ", err)
|
||||
end
|
||||
|
||||
local csp, err = red:hget(key, "data")
|
||||
|
||||
if csp == ngx.null then
|
||||
ngx.log(ngx.ERR, "failed to get redis key: ", err)
|
||||
else
|
||||
ngx.header.Content_Security_Policy = csp
|
||||
end
|
||||
end
|
||||
';
|
||||
proxy_pass http://127.0.0.1:5001;
|
||||
location ~* /(manifest.json|sw.js|appIcon(.)*\.png|icon.svg|bg-error.png|favicon.ico|debuginfo.md) {
|
||||
try_files /$basename /index.html =404;
|
||||
|
Loading…
Reference in New Issue
Block a user