fix(k8s): ingress annotations (#94)

* fix(k8s): ingress annotations * fix: lock * fix * csp * csp * csp
SocialGouv · Feb 7, 2023 · a2d0a73 · a2d0a73
1 parent 25d60c5
commit a2d0a73
Show file tree

Hide file tree

Showing 4 changed files with 5,314 additions and 39,921 deletions.
diff --git a/.eslintrc.json b/.eslintrc.json
@@ -6,6 +6,7 @@
     "@next/next/no-html-link-for-pages": "off",
     "@next/next/no-img-element": "off",
     "react/no-unescaped-entities": "off",
-    "react/no-children-prop": "off"
+    "react/no-children-prop": "off",
+    "react/no-unknown-property": "warn"
   }
 }
diff --git a/.kube-workflow/values.yaml b/.kube-workflow/values.yaml
@@ -11,3 +11,10 @@ app:
   probesPath: /healthz
   replicas: 1
   imagePackage: app
+  ingress:
+    annotations:
+      nginx.ingress.kubernetes.io/configuration-snippet: |
+        more_set_headers "Content-Security-Policy: default-src 'none'; connect-src 'self' https://*.gouv.fr https://plausible.numericite.eu; font-src 'self' data:; img-src 'self' data:; prefetch-src 'self' https://*.gouv.fr; script-src 'self' https://plausible.numericite.eu https://cdn.ravenjs.com https://*.gouv.fr 'unsafe-inline'; frame-src 'self' https://*.gouv.fr; style-src 'self' 'unsafe-inline'; manifest-src 'self'";
+        more_set_headers "X-Frame-Options: deny";
+        more_set_headers "X-XSS-Protection: 1; mode=block";
+        more_set_headers "X-Content-Type-Options: nosniff";