Merge pull request #19 from DataKitchen/release/2.2.2

datakitchen-devops · web-flow · commit b79cf15a8341 · 2024-08-22T12:37:34.000-04:00
Release: 2.2.2
diff --git a/deploy/docker/observability-ui.dockerfile b/deploy/docker/observability-ui.dockerfile
@@ -23,6 +23,7 @@ FROM ${BASE_IMAGE_URL}nginxinc/nginx-unprivileged:1.25
 WORKDIR /observability_ui
 
 ENV OBSERVABILITY_API_HOSTNAME=
+ENV OBSERVABILITY_CSP_EXTRA=
 ENV NGINX_ENVSUBST_OUTPUT_DIR=/etc/nginx
 
 COPY --from=build-image --chown=nginx:nginx /observability_ui/dist /observability_ui
diff --git a/observability_ui/nginx.conf b/observability_ui/nginx.conf
@@ -58,11 +58,12 @@ http {
       sub_filter_once off;
       sub_filter RandomNonceValue $request_id;
       set $api_hostname "$OBSERVABILITY_API_HOSTNAME";
+      set $csp_extra "$OBSERVABILITY_CSP_EXTRA";
 
       try_files /shell$uri /shell/index.html =404;
 
       add_header X-Content-Type-Options nosniff always;
-      add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'nonce-${request_id}' https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://cdn.materialdesignicons.com https://cdn.jsdelivr.net; img-src 'self' data:; font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net; frame-ancestors 'none'; connect-src 'self' https://fonts.gstatic.com https://cdn.materialdesignicons.com https://cdn.jsdelivr.net ${api_hostname}; upgrade-insecure-requests;" always;
+      add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'nonce-${request_id}' https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://cdn.materialdesignicons.com https://cdn.jsdelivr.net; img-src 'self' data:; font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net; frame-ancestors 'none'; connect-src 'self' https://fonts.gstatic.com https://cdn.materialdesignicons.com https://cdn.jsdelivr.net ${api_hostname}; ${csp_extra}" always;
     }
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -58,11 +58,12 @@ http {`
`58`	`58`	`sub_filter_once off;`
`59`	`59`	`sub_filter RandomNonceValue $request_id;`
`60`	`60`	`set $api_hostname "$OBSERVABILITY_API_HOSTNAME";`
	`61`	`+ set $csp_extra "$OBSERVABILITY_CSP_EXTRA";`
`61`	`62`
`62`	`63`	`try_files /shell$uri /shell/index.html =404;`
`63`	`64`
`64`	`65`	`add_header X-Content-Type-Options nosniff always;`
`65`		`- add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'nonce-${request_id}' https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://cdn.materialdesignicons.com https://cdn.jsdelivr.net; img-src 'self' data:; font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net; frame-ancestors 'none'; connect-src 'self' https://fonts.gstatic.com https://cdn.materialdesignicons.com https://cdn.jsdelivr.net ${api_hostname}; upgrade-insecure-requests;" always;`
	`66`	`+ add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'nonce-${request_id}' https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://cdn.materialdesignicons.com https://cdn.jsdelivr.net; img-src 'self' data:; font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net; frame-ancestors 'none'; connect-src 'self' https://fonts.gstatic.com https://cdn.materialdesignicons.com https://cdn.jsdelivr.net ${api_hostname}; ${csp_extra}" always;`
`66`	`67`	`}`
`67`	`68`	`}`
`68`	`69`	`}`