diff --git a/deployments/examples/ocis_keycloak/config/ocis/csp.yaml b/deployments/examples/ocis_keycloak/config/ocis/csp.yaml
new file mode 100644
index 00000000000..6af24773c81
--- /dev/null
+++ b/deployments/examples/ocis_keycloak/config/ocis/csp.yaml
@@ -0,0 +1,32 @@
+directives:
+ child-src:
+ - '''self'''
+ connect-src:
+ - '''self'''
+ - 'https://${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}/'
+ default-src:
+ - '''none'''
+ font-src:
+ - '''self'''
+ frame-ancestors:
+ - '''none'''
+ frame-src:
+ - '''self'''
+ - 'https://embed.diagrams.net/'
+ img-src:
+ - '''self'''
+ - 'data:'
+ - 'blob:'
+ manifest-src:
+ - '''self'''
+ media-src:
+ - '''self'''
+ object-src:
+ - '''self'''
+ - 'blob:'
+ script-src:
+ - '''self'''
+ - '''unsafe-inline'''
+ style-src:
+ - '''self'''
+ - '''unsafe-inline'''
diff --git a/deployments/examples/ocis_keycloak/docker-compose.yml b/deployments/examples/ocis_keycloak/docker-compose.yml
index db540e6fc06..2944477b02e 100644
--- a/deployments/examples/ocis_keycloak/docker-compose.yml
+++ b/deployments/examples/ocis_keycloak/docker-compose.yml
@@ -79,8 +79,11 @@ services:
 GRAPH_USERNAME_MATCH: "none"
 # password policies
 OCIS_PASSWORD_POLICY_BANNED_PASSWORDS_LIST: "banned-password-list.txt"
+ PROXY_CSP_CONFIG_FILE_LOCATION: /etc/ocis/csp.yaml
+ KEYCLOAK_DOMAIN: ${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}
 volumes:
 - ./config/ocis/banned-password-list.txt:/etc/ocis/banned-password-list.txt
+ - ./config/ocis/csp.yaml:/etc/ocis/csp.yaml
 - ocis-config:/etc/ocis
 - ocis-data:/var/lib/ocis
 labels:
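Review bot: In the new `config/ocis/csp.yaml`, `script-src` lists `'''unsafe-inline'''`, which lets any injected inline script run and so removes most of the XSS protection the rest of the policy provides. If the web UI cannot work without it, record that above the entry with a comment such as `# 'unsafe-inline' kept because <reason>; remove once inline scripts are gone`, otherwise drop the entry. Separately, `base-uri` and `form-action` do not fall back to `default-src`, so the `'''none'''` default leaves them unrestricted; adding `base-uri:` with `- '''self'''` would cover the first, assuming the proxy passes arbitrary directive names through. The `${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}` reference in `connect-src` only takes effect if the proxy expands environment variables when it reads this file, which the diff does not show.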
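Review bot: In `docker-compose.yml`, the new bind mount `./config/ocis/csp.yaml:/etc/ocis/csp.yaml` is writable from inside the container, so a process in the ocis container could rewrite the policy file on the host. The service presumably only reads the file, so mount it read-only: `- ./config/ocis/csp.yaml:/etc/ocis/csp.yaml:ro`. `PROXY_CSP_CONFIG_FILE_LOCATION` and `KEYCLOAK_DOMAIN` are also left unquoted while the neighbouring values are quoted; writing `KEYCLOAK_DOMAIN: "${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}"` keeps the block consistent and stops YAML from retyping an unusual value. The service definition starts and ends outside the hunk.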