GitHub-Bitwarden
/
server
mirror of https://github.com/bitwarden/server.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Make nginx Content-Security-Policy configurable (#1048) 

* Adding the nginx head Content-Security-Policy to the Configuration file

* fixing whitespace formatting

* adding a '+' that got removed
pull/1050/head
Joseph Flinn 5 years ago committed by GitHub
parent
037757a740
commit
97ba472606
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 11 additions and 8 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 9
      util/Setup/Configuration.cs
  2. 10
      util/Setup/NginxConfigBuilder.cs

9
util/Setup/Configuration.cs
Unescape View File

@ -72,6 +72,15 @@ namespace Bit.Setup @@ -72,6 +72,15 @@ namespace Bit.Setup
"`/etc/ssl` within the container.")]
public string SslDiffieHellmanPath { get; set; }
[Description("Nginx Header Content-Security-Policy parameter\n" +
"WARNING: Reconfiguring this parameter may break features. By changing this parameter\n" +
"you become responsible for maintaining this value.")]
public string NginxHeaderContentSecurityPolicy { get; set; } = "default-src 'self'; style-src 'self' " +
"'unsafe-inline'; img-src 'self' data: https://haveibeenpwned.com https://www.gravatar.com; " +
"child-src 'self' https://*.duosecurity.com; frame-src 'self' https://*.duosecurity.com; " +
"connect-src 'self' wss://{0} https://api.pwnedpasswords.com " +
"https://twofactorauth.org; object-src 'self' blob:;";
[Description("Communicate with the Bitwarden push relay service (push.bitwarden.com) for mobile\n" +
"app live sync.")]
public bool PushNotifications { get; set; } = true;

10
util/Setup/NginxConfigBuilder.cs
Unescape View File

@ -6,13 +6,6 @@ namespace Bit.Setup @@ -6,13 +6,6 @@ namespace Bit.Setup
public class NginxConfigBuilder
{
private const string ConfFile = "/bitwarden/nginx/default.conf";
private const string ContentSecurityPolicy =
"default-src 'self'; style-src 'self' 'unsafe-inline'; " +
"img-src 'self' data: https://haveibeenpwned.com https://www.gravatar.com; " +
"child-src 'self' https://*.duosecurity.com; frame-src 'self' https://*.duosecurity.com; " +
"connect-src 'self' wss://{0} https://api.pwnedpasswords.com " +
"https://twofactorauth.org; " +
"object-src 'self' blob:;";
private readonly Context _context;
@ -79,6 +72,7 @@ namespace Bit.Setup @@ -79,6 +72,7 @@ namespace Bit.Setup
Domain = context.Config.Domain;
Url = context.Config.Url;
RealIps = context.Config.RealIps;
ContentSecurityPolicy = string.Format(context.Config.NginxHeaderContentSecurityPolicy, Domain);
if (Ssl)
{
@ -129,7 +123,7 @@ namespace Bit.Setup @@ -129,7 +123,7 @@ namespace Bit.Setup
public string DiffieHellmanPath { get; set; }
public string SslCiphers { get; set; }
public string SslProtocols { get; set; }
public string ContentSecurityPolicy => string.Format(NginxConfigBuilder.ContentSecurityPolicy, Domain);
public string ContentSecurityPolicy { get; set; }
public List<string> RealIps { get; set; }
}
}

Write Preview
Loading…
Cancel
Save