From dc1bb22d9dd3da66cde22a30839e51de35ccba3b Mon Sep 17 00:00:00 2001
From: coolneng <akasroua@gmail.com>
Date: Sun, 23 Oct 2022 10:53:40 +0200
Subject: [PATCH] Use CSP config only in gitea

---
 modules/webstack.nix | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/modules/webstack.nix b/modules/webstack.nix
index 72e65fd..08cf8de 100644
--- a/modules/webstack.nix
+++ b/modules/webstack.nix
@@ -69,7 +69,14 @@
       "git.coolneng.duckdns.org" = {
         enableACME = true;
         forceSSL = true;
-        locations."/".proxyPass = "http://localhost:3000/";
+        locations."/" = {
+          proxyPass = "http://localhost:3000/";
+          extraConfig = ''
+            ${config.services.nginx.commonHttpConfig}
+            # Disable embedding as a frame, except from the same origin
+            add_header Content-Security-Policy "frame-src git.coolneng.duckdns.org; frame-ancestors git.coolneng.duckdns.org";
+          '';
+        };
       };
       "rss.coolneng.duckdns.org" = {
         enableACME = true;