Merge pull request #33 from DataKitchen/release/2.7.5

datakitchen-devops · web-flow · commit 9daaac3c1edf · 2025-08-25T13:58:52.000-04:00
Release/2.7.5
diff --git a/observability_ui/apps/shell/src/index.html b/observability_ui/apps/shell/src/index.html
@@ -14,7 +14,7 @@
     <link href="https://fonts.googleapis.com/icon?family=Material+Icons" rel="stylesheet">
 
     <link rel="preload"
-      href="https://cdn.materialdesignicons.com/6.5.95/css/materialdesignicons.min.css"
+      href="https://cdn.jsdelivr.net/npm/@mdi/font@6.5.95/css/materialdesignicons.min.css"
       as="style"
       integrity="sha512-Zw6ER2h5+Zjtrej6afEKgS8G5kehmDAHYp9M2xf38MPmpUWX39VrYmdGtCrDQbdLQrTnBVT8/gcNhgS4XPgvEg=="
       crossorigin="anonymous"
diff --git a/observability_ui/nginx.conf b/observability_ui/nginx.conf
@@ -65,7 +65,14 @@ http {
       try_files /shell$uri /shell/index.html =404;
 
       add_header X-Content-Type-Options nosniff always;
-      add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'nonce-${request_id}' https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://cdn.materialdesignicons.com https://cdn.jsdelivr.net; img-src 'self' data:; font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net; frame-ancestors 'none'; connect-src 'self' https://fonts.gstatic.com https://cdn.materialdesignicons.com https://cdn.jsdelivr.net ${api_hostname}; ${csp_extra}" always;
+      add_header X-Frame-Options deny always;
+      add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+      add_header Referrer-Policy strict-origin-when-cross-origin;
+      add_header Permissions-Policy "attribution-reporting=(self),deferred-fetch=(self),deferred-fetch-minimal=(self),fullscreen=(self),storage-access=(self),web-share=(self),accelerometer=(),autoplay=(),bluetooth=(),camera=(),captured-surface-control=(),compute-pressure=(),cross-origin-isolated=(),display-capture=(),encrypted-media=(),gamepad=(),geolocation=(),gyroscope=(),hid=(),identity-credentials-get=(),idle-detection=(),language-detector=(),microphone=(),local-fonts=(),midi=(),otp-credentials=(),payment=(),picture-in-picture=(),publickey-credentials-create=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),summarizer=(),translator=(),usb=(),window-management=(),xr-spatial-tracking=()";
+      add_header Cross-Origin-Opener-Policy same-origin;
+      add_header Cross-Origin-Resource-Policy same-origin;
+      add_header Cross-Origin-Embedder-Policy require-corp;
+      add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'nonce-${request_id}' https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net; img-src 'self' data:; font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net; frame-ancestors 'none'; connect-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net ${api_hostname}; ${csp_extra}" always;
     }
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -65,7 +65,14 @@ http {`
`65`	`65`	`try_files /shell$uri /shell/index.html =404;`
`66`	`66`
`67`	`67`	`add_header X-Content-Type-Options nosniff always;`
`68`		`- add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'nonce-${request_id}' https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://cdn.materialdesignicons.com https://cdn.jsdelivr.net; img-src 'self' data:; font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net; frame-ancestors 'none'; connect-src 'self' https://fonts.gstatic.com https://cdn.materialdesignicons.com https://cdn.jsdelivr.net ${api_hostname}; ${csp_extra}" always;`
	`68`	`+ add_header X-Frame-Options deny always;`
	`69`	`+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;`
	`70`	`+ add_header Referrer-Policy strict-origin-when-cross-origin;`
	`71`	+ add_header Permissions-Policy "attribution-reporting=(self),deferred-fetch=(self),deferred-fetch-minimal=(self),fullscreen=(self),storage-access=(self),web-share=(self),accelerometer=(),autoplay=(),bluetooth=(),camera=(),captured-surface-control=(),compute-pressure=(),cross-origin-isolated=(),display-capture=(),encrypted-media=(),gamepad=(),geolocation=(),gyroscope=(),hid=(),identity-credentials-get=(),idle-detection=(),language-detector=(),microphone=(),local-fonts=(),midi=(),otp-credentials=(),payment=(),picture-in-picture=(),publickey-credentials-create=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),summarizer=(),translator=(),usb=(),window-management=(),xr-spatial-tracking=()";
	`72`	`+ add_header Cross-Origin-Opener-Policy same-origin;`
	`73`	`+ add_header Cross-Origin-Resource-Policy same-origin;`
	`74`	`+ add_header Cross-Origin-Embedder-Policy require-corp;`
	`75`	`+ add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'nonce-${request_id}' https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net; img-src 'self' data:; font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net; frame-ancestors 'none'; connect-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net ${api_hostname}; ${csp_extra}" always;`
`69`	`76`	`}`
`70`	`77`	`}`
`71`	`78`	`}`