From 0061d2e7778de336b09e6bb5f08fecf372055e64 Mon Sep 17 00:00:00 2001
From: Timmy Willison
Date: Tue, 24 Dec 2024 14:14:26 -0500
Subject: [PATCH] Revert "blogs: add CSP report header to blog sites"
This reverts commit 7019e41d5e9c19123a9feb33b7065dd98dc2b152.
---
 hieradata/environments/production/roles/blogs.yaml | 1 -
 modules/profile/manifests/wordpress/base.pp | 1 -
 modules/profile/manifests/wordpress/blogs.pp | 5 +----
 .../profile/templates/wordpress/base/default-tls.nginx.erb | 6 ------
 4 files changed, 1 insertion(+), 12 deletions(-)
diff --git a/hieradata/environments/production/roles/blogs.yaml b/hieradata/environments/production/roles/blogs.yaml
index f9066c7..c6584b8 100644
--- a/hieradata/environments/production/roles/blogs.yaml
+++ b/hieradata/environments/production/roles/blogs.yaml
@@ -5,7 +5,6 @@ profile::certbot::certificates:
 profile::wordpress::blogs::admin_email: infrastructure-team@jquery.com
 profile::wordpress::blogs::wordpress_version: ~
-profile::wordpress::blogs::csp_header: "default-src 'self'; script-src 'self' code.jquery.com; report-uri https://csp-report-api.openjs-foundation.workers.dev/; report-to csp-endpoint"
 profile::wordpress::blogs::sites:
 jquery:
 host: blog.jquery.com
diff --git a/modules/profile/manifests/wordpress/base.pp b/modules/profile/manifests/wordpress/base.pp
index d63ac59..a12479b 100644
--- a/modules/profile/manifests/wordpress/base.pp
+++ b/modules/profile/manifests/wordpress/base.pp
@@ -3,7 +3,6 @@
 String[1] $innodb_buffer_pool_size = lookup('profile::wordpress::base::mariadb_innodb_buffer_pool_size', {default_value => '512M'}),
 String[1] $wordpress_cli_version = lookup('profile::wordpress::base::wordpress_cli_version'),
 Optional[String[1]] $default_site_cert = lookup('profile::wordpress::base::default_site_cert', {default_value => undef}),
- Optional[String[1]] $csp_header = undef,
 ) {
 file { '/srv/mariadb':
 ensure => directory,
diff --git a/modules/profile/manifests/wordpress/blogs.pp b/modules/profile/manifests/wordpress/blogs.pp
index f247100..910685d 100644
--- a/modules/profile/manifests/wordpress/blogs.pp
+++ b/modules/profile/manifests/wordpress/blogs.pp
@@ -5,11 +5,8 @@
 String[1] $db_password_seed = lookup('profile::wordpress::blogs::db_password_seed'),
 Stdlib::Email $admin_email = lookup('profile::wordpress::blogs::admin_email'),
 String[1] $admin_password = lookup('profile::wordpress::blogs::admin_password'),
- String[1] $csp_header = lookup('profile::wordpress::blogs::csp_header'),
 ) {
- class { 'profile::wordpress::base':
- csp_header => $csp_header,
- }
+ include profile::wordpress::base
 git::clone { 'blog.jquery.com-theme':
 path => '/srv/wordpress/blog.jquery.com-theme',
diff --git a/modules/profile/templates/wordpress/base/default-tls.nginx.erb b/modules/profile/templates/wordpress/base/default-tls.nginx.erb
index 207f0b8..c6cf55b 100644
--- a/modules/profile/templates/wordpress/base/default-tls.nginx.erb
+++ b/modules/profile/templates/wordpress/base/default-tls.nginx.erb
@@ -14,12 +14,6 @@ server {
 server_tokens off;
-<%- if @csp_header -%>
- # Add Content Security Policy headers
- add_header Reporting-Endpoints "csp-endpoint='https://csp-report-api.openjs-foundation.workers.dev/'";
- add_header Content-Security-Policy-Report-Only "<%= @csp_header %>" always;
-<%- end -%>
-
 location /.well-known/acme-challenge {
 root /var/www/letsencrypt/;
 }
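Review bot: The new `include profile::wordpress::base` line in modules/profile/manifests/wordpress/blogs.pp carries no record of why the CSP wiring was backed out, and the commit message gives no reason either. As far as this patch shows, once the `csp_header` parameter and the template block are gone the blog vhosts no longer send `Content-Security-Policy-Report-Only`, so the violation reports that would inform an enforcing policy stop being collected. A short comment above the include would keep that gap visible, for example `# CSP report-only header removed by revert of 7019e41; re-add once <reason/ticket placeholder> is resolved`. The class body continues past the end of this hunk.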