From 6cdbde01d7c2fa980e18853d0118e554e10def86 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 20 Feb 2023 16:50:39 +0200 Subject: [PATCH] Fix various Traefik headers syntax `always` is an nginx suffix, which shouldn't have been added to these. --- roles/custom/matrix-client-cinny/defaults/main.yml | 4 ++-- roles/custom/matrix-client-element/defaults/main.yml | 4 ++-- roles/custom/matrix-client-hydrogen/defaults/main.yml | 4 ++-- roles/custom/matrix-synapse-admin/defaults/main.yml | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/roles/custom/matrix-client-cinny/defaults/main.yml b/roles/custom/matrix-client-cinny/defaults/main.yml index 5e5f216f..f1114c36 100644 --- a/roles/custom/matrix-client-cinny/defaults/main.yml +++ b/roles/custom/matrix-client-cinny/defaults/main.yml @@ -95,11 +95,11 @@ matrix_client_cinny_http_header_content_security_policy: frame-ancestors 'self' # Specifies the value of the `Permission-Policy` header. # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permission-Policy -matrix_client_cinny_http_header_content_permission_policy: "{{ 'interest-cohort=() always' if matrix_client_cinny_floc_optout_enabled else '' }}" +matrix_client_cinny_http_header_content_permission_policy: "{{ 'interest-cohort=()' if matrix_client_cinny_floc_optout_enabled else '' }}" # Specifies the value of the `Strict-Transport-Security` header. # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security -matrix_client_cinny_http_header_strict_transport_security: "{{ '\"max-age=31536000; includeSubDomains; preload\" always' if matrix_client_cinny_hsts_preload_enabled else '\"max-age=31536000; includeSubDomains\" always' }}" +matrix_client_cinny_http_header_strict_transport_security: "max-age=31536000; includeSubDomains{{ '; preload' if matrix_client_cinny_hsts_preload_enabled else '' }}" # Controls whether to send a "Permissions-Policy interest-cohort=();" header along with all responses # diff --git a/roles/custom/matrix-client-element/defaults/main.yml b/roles/custom/matrix-client-element/defaults/main.yml index 4ab72bab..c9540ae0 100644 --- a/roles/custom/matrix-client-element/defaults/main.yml +++ b/roles/custom/matrix-client-element/defaults/main.yml @@ -98,11 +98,11 @@ matrix_client_element_http_header_content_security_policy: frame-ancestors 'self # Specifies the value of the `Permission-Policy` header. # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permission-Policy -matrix_client_element_http_header_content_permission_policy: "{{ 'interest-cohort=() always' if matrix_client_element_floc_optout_enabled else '' }}" +matrix_client_element_http_header_content_permission_policy: "{{ 'interest-cohort=()' if matrix_client_element_floc_optout_enabled else '' }}" # Specifies the value of the `Strict-Transport-Security` header. # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security -matrix_client_element_http_header_strict_transport_security: "{{ '\"max-age=31536000; includeSubDomains; preload\" always' if matrix_client_element_hsts_preload_enabled else '\"max-age=31536000; includeSubDomains\" always' }}" +matrix_client_element_http_header_strict_transport_security: "max-age=31536000; includeSubDomains{{ '; preload' if matrix_client_element_hsts_preload_enabled else '' }}" # Controls whether to send a "Permissions-Policy interest-cohort=();" header along with all responses # diff --git a/roles/custom/matrix-client-hydrogen/defaults/main.yml b/roles/custom/matrix-client-hydrogen/defaults/main.yml index 35d18cd9..f3ddb81b 100644 --- a/roles/custom/matrix-client-hydrogen/defaults/main.yml +++ b/roles/custom/matrix-client-hydrogen/defaults/main.yml @@ -94,11 +94,11 @@ matrix_client_hydrogen_http_header_content_security_policy: frame-ancestors 'sel # Specifies the value of the `Permission-Policy` header. # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permission-Policy -matrix_client_hydrogen_http_header_content_permission_policy: "{{ 'interest-cohort=() always' if matrix_client_hydrogen_floc_optout_enabled else '' }}" +matrix_client_hydrogen_http_header_content_permission_policy: "{{ 'interest-cohort=()' if matrix_client_hydrogen_floc_optout_enabled else '' }}" # Specifies the value of the `Strict-Transport-Security` header. # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security -matrix_client_hydrogen_http_header_strict_transport_security: "{{ '\"max-age=31536000; includeSubDomains; preload\" always' if matrix_client_hydrogen_hsts_preload_enabled else '\"max-age=31536000; includeSubDomains\" always' }}" +matrix_client_hydrogen_http_header_strict_transport_security: "max-age=31536000; includeSubDomains{{ '; preload' if matrix_client_hydrogen_hsts_preload_enabled else '' }}" # Controls whether to send a "Permissions-Policy interest-cohort=();" header along with all responses # diff --git a/roles/custom/matrix-synapse-admin/defaults/main.yml b/roles/custom/matrix-synapse-admin/defaults/main.yml index 91383a9e..ae912f71 100644 --- a/roles/custom/matrix-synapse-admin/defaults/main.yml +++ b/roles/custom/matrix-synapse-admin/defaults/main.yml @@ -102,11 +102,11 @@ matrix_synapse_admin_http_header_content_security_policy: frame-ancestors 'self' # Specifies the value of the `Permission-Policy` header. # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permission-Policy -matrix_synapse_admin_http_header_content_permission_policy: "{{ 'interest-cohort=() always' if matrix_synapse_admin_floc_optout_enabled else '' }}" +matrix_synapse_admin_http_header_content_permission_policy: "{{ 'interest-cohort=()' if matrix_synapse_admin_floc_optout_enabled else '' }}" # Specifies the value of the `Strict-Transport-Security` header. # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security -matrix_synapse_admin_http_header_strict_transport_security: "{{ '\"max-age=31536000; includeSubDomains; preload\" always' if matrix_synapse_admin_hsts_preload_enabled else '\"max-age=31536000; includeSubDomains\" always' }}" +matrix_synapse_admin_http_header_strict_transport_security: "max-age=31536000; includeSubDomains{{ '; preload' if matrix_synapse_admin_hsts_preload_enabled else '' }}" # Controls whether to send a "Permissions-Policy interest-cohort=();" header along with all responses #