diff --git a/inventory/group_vars/haproxy/haproxy.yml b/inventory/group_vars/haproxy/haproxy.yml index d48251ef74..2c043eb8fb 100644 --- a/inventory/group_vars/haproxy/haproxy.yml +++ b/inventory/group_vars/haproxy/haproxy.yml @@ -42,7 +42,7 @@ haproxy_security_headers_max_age: 31536000 # Set CSP headers to report only for testing haproxy_security_headers_csp_report_only: False # To override the CSP used by a specific service define a variable haproxy__csp -haproxy_security_headers_csp: "http-response set-header {{ haproxy_security_headers_csp_report_only | ternary('Content-Security-Policy-Report-Only', 'Content-Security-Policy') }} \"default-src 'self'; frame-ancestors 'none'; form-action 'self'; upgrade-insecure-requests; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; child-src 'self' {{ external_lb_vip_address }}:{{ nova_console_port }}; frame-src 'self' {{ external_lb_vip_address }}:{{ nova_console_port }}; img-src 'self' data:; worker-src blob:;\"" +haproxy_security_headers_csp: "http-response set-header {{ haproxy_security_headers_csp_report_only | ternary('Content-Security-Policy-Report-Only', 'Content-Security-Policy') }} \"default-src 'self'; frame-ancestors 'none'; form-action 'self'; upgrade-insecure-requests; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; child-src 'self' {{ external_lb_vip_address }}:{{ nova_console_port }}; frame-src 'self' {{ external_lb_vip_address }}:{{ nova_console_port }}; connect-src 'self' {{ external_lb_vip_address }}:*; img-src 'self' data:; worker-src blob:;\"" # To disable security headers set to [] haproxy_security_headers: - "http-response set-header Strict-Transport-Security \"max-age={{ haproxy_security_headers_max_age }}; includeSubDomains;\"" diff --git a/releasenotes/notes/csp-image-uploads-0165e6fe76287a0c.yaml b/releasenotes/notes/csp-image-uploads-0165e6fe76287a0c.yaml new file mode 100644 index 0000000000..b0c5c0f1c2 --- /dev/null +++ b/releasenotes/notes/csp-image-uploads-0165e6fe76287a0c.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - | + Fixes a Content Security Policy error which prevented image uploads via + the Horizon interface.