|
2 | 2 | # All AWS Cloudfront related stuff |
3 | 3 | ## |
4 | 4 |
|
| 5 | +locals { |
| 6 | + csp_default_src = ["'self'"] |
| 7 | + csp_script_src_allow = [ |
| 8 | + "'self'", |
| 9 | + "'unsafe-inline'", |
| 10 | + "https://casteels.dev", |
| 11 | + "https://utteranc.es", |
| 12 | + "https://www.googletagmanager.com", |
| 13 | + "https://www.google-analytics.com" |
| 14 | + ] |
| 15 | + csp_style_src_allow = [ |
| 16 | + "'self'", |
| 17 | + "'unsafe-inline'", |
| 18 | + "https://casteels.dev" |
| 19 | + ] |
| 20 | + csp_img_src_allow = [ |
| 21 | + "'self'", |
| 22 | + "https://casteels.dev", |
| 23 | + "https://www.google-analytics.com", |
| 24 | + "data:" |
| 25 | + ] |
| 26 | + csp_frame_src_allow = [ |
| 27 | + "'self'", |
| 28 | + "https://utteranc.es" |
| 29 | + ] |
| 30 | + csp_connect_src_allow = [ |
| 31 | + "'self'", |
| 32 | + "https://api.github.com", |
| 33 | + "https://www.google-analytics.com" |
| 34 | + ] |
| 35 | + csp_directives = [ |
| 36 | + "default-src ${join(" ", local.csp_default_src)}", |
| 37 | + "script-src ${join(" ", local.csp_script_src_allow)}", |
| 38 | + "style-src ${join(" ", local.csp_style_src_allow)}", |
| 39 | + "img-src ${join(" ", local.csp_img_src_allow)}", |
| 40 | + "frame-src ${join(" ", local.csp_frame_src_allow)}", |
| 41 | + "connect-src ${join(" ", local.csp_connect_src_allow)}" |
| 42 | + ] |
| 43 | + csp_value = "${join("; ", local.csp_directives)};" |
| 44 | +} |
| 45 | + |
5 | 46 | resource "aws_cloudfront_origin_access_control" "default" { |
6 | 47 | name = "casteels-dev OAC" |
7 | 48 | description = "Origin Access Control for S3 bucket" |
@@ -180,7 +221,7 @@ resource "aws_cloudfront_response_headers_policy" "response_headers_policy" { |
180 | 221 | content_security_policy { |
181 | 222 | override = true |
182 | 223 | # content_security_policy = "default-src 'self';" |
183 | | - content_security_policy = "default-src 'self'; script-src 'self' 'unsafe-inline' https://casteels.dev; style-src 'self' 'unsafe-inline' https://casteels.dev; img-src 'self' https://casteels.dev data:;" |
| 224 | + content_security_policy = local.csp_value |
184 | 225 | } |
185 | 226 |
|
186 | 227 | content_type_options { |
|
0 commit comments