From 010b422c42c277e95e9af0b6212e1504c48b18ce Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Thu, 24 Mar 2022 14:34:59 +0100 Subject: [PATCH] new managed options. Cookies, origin. --- defaults/main.yml | 5 +++++ templates/shinyproxy-2-conf.yml.j2 | 6 ++++-- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 88af109..3952e13 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -33,6 +33,11 @@ shinyproxy_prometheus_port: 9090 shinyproxy_expose_prometheus: True # 30 minutes shinyproxy_server_session_timeout: 1800 +shinyproxy_server_secure_cookies: 'true' +# disable, deny, sameorigin, allow-from https://site +shinyproxy_server_frame_options: 'sameorigin' +# None, Lax, Strict +shinyproxy_same_site_cookie: 'Lax' # For logrotate. In days shinyproxy_log_retention: 10 shinyproxy_default_apps: True diff --git a/templates/shinyproxy-2-conf.yml.j2 b/templates/shinyproxy-2-conf.yml.j2 index 15da3da..1e0a292 100644 --- a/templates/shinyproxy-2-conf.yml.j2 +++ b/templates/shinyproxy-2-conf.yml.j2 @@ -1,11 +1,12 @@ -{% if shinyproxy_version is version_compare('2.4.0', '>=') %} server: +{% if shinyproxy_version is version_compare('2.4.0', '>=') %} forward-headers-strategy: native {% else %} -server: useForwardHeaders: true {% endif %} servlet.session.timeout: {{ shinyproxy_server_session_timeout }} + secure-cookies: {{ shinyproxy_server_secure_cookies }} + frame-options: {{ shinyproxy_server_frame_options }} proxy: title: {{ shinyproxy_app_title }} @@ -21,6 +22,7 @@ proxy: recover-running-proxies-from-different-config: {{ shinyproxy_recover_running_proxies_from_different_config }} default-stop-proxy-on-logout: {{ shinyproxy_default_stop_proxy_on_logout }} default-proxy-max-lifetime: {{ shinyproxy_default_proxy_max_lifetime }} + same-site-cookie: {{ shinyproxy_same_site_cookie }} {% endif %} {% if shinyproxy_container_backend == 'docker-swarm' %} bind-address: 0.0.0.0