Ingress: clear X-Frame-Options header from responses.
This enables applications to be loaded in iframes, although it does
sacrifice security a bit.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
Change-Id: Ibb5568b5461bbe001106724a0cf64ec25e7fd4ce
diff --git a/core/installer/values-tmpl/ingress-public.cue b/core/installer/values-tmpl/ingress-public.cue
index 93ce90c..2258945 100644
--- a/core/installer/values-tmpl/ingress-public.cue
+++ b/core/installer/values-tmpl/ingress-public.cue
@@ -61,7 +61,12 @@
default: false
controllerValue: "k8s.io/\(_ingressPublic)"
}
- config: "proxy-body-size": "100M" // TODO(giolekva): configurable
+ config: {
+ "proxy-body-size": "200M" // TODO(giolekva): configurable
+ "server-snippet": """
+ more_clear_headers "X-Frame-Options";
+ """
+ }
image: {
registry: images.ingressNginx.registry
image: images.ingressNginx.imageName
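Review bot: The `server-snippet` added to `config` clears `X-Frame-Options` in every server block of the public ingress, so an application that sets `DENY` or `SAMEORIGIN` on purpose (a login or consent page, for instance) can now be framed by any external origin; the same snippet in private-network.cue has the same effect there. Responses that restrict framing through `Content-Security-Policy: frame-ancestors` are not touched by this directive, so the change is broad and still will not make those applications embeddable. Consider clearing the header only on the Ingress resources of applications that are meant to be embedded, or pairing the removal with a `frame-ancestors` policy limited to the platform's own origins. At minimum, record the trade-off next to the key, e.g. `// SECURITY: removes X-Frame-Options from all backends; clickjacking protection then depends on each app's CSP frame-ancestors`.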
diff --git a/core/installer/values-tmpl/private-network.cue b/core/installer/values-tmpl/private-network.cue
index bc58a9f..156b078 100644
--- a/core/installer/values-tmpl/private-network.cue
+++ b/core/installer/values-tmpl/private-network.cue
@@ -84,7 +84,11 @@
controllerValue: "k8s.io/\(_ingressPrivate)"
}
config: {
+ "proxy-body-size": "200M" // TODO(giolekva): configurable
"force-ssl-redirect": "true"
+ "server-snippet": """
+ more_clear_headers "X-Frame-Options";
+ """
}
extraArgs: {
"default-ssl-certificate": "\(_ingressPrivate)/cert-wildcard.\(global.privateDomain)"