Adds x_frame_options and fix other params

diff --git a/manifests/site.pp b/manifests/site.pp
index 983fc88e9bd8177011b82a5d5ef3b1a377ed82f1..4455f45e924793984296700ba0ef0299a5bf611c 100644 (file)
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -1,16 +1,17 @@
 define nginx::site(
-  $ensure         = present,
-  $ssl            = present,
-  $source         = 'template',
-  $certbot        = true,
-  $template       = 'site',
-  $backend        = 'weblocal',
-  $aliases        = "*.${name}",
-  $cache          = false,
-  $cache_levels   = '1:2',
-  $cache_size     = '10m',
-  $cache_inactive = '600s',
-  $cache_max_size = '1m',
+  $ensure          = present,
+  $ssl             = present,
+  $source          = 'template',
+  $certbot         = true,
+  $template        = 'site',
+  $backend         = 'weblocal',
+  $aliases         = "*.${name}",
+  $cache           = false,
+  $cache_levels    = '1:2',
+  $cache_size      = '10m',
+  $cache_inactive  = '600s',
+  $cache_max_size  = '1m',
+  $x_frame_options = 'DENY',
 ) {
   nginx::site::config { $name:
     ensure   => $ensure,
@@ -32,17 +33,23 @@ define nginx::site(
   }
 
   nginx::site::config { "${name}-ssl":
-    server_name => $name,
-    ensure      => $ensure ? {
+    server_name     => $name,
+    ensure          => $ensure ? {
       'present' => $ssl,
       default   => absent,
     },
-    source      => $source,
-    template    => "${template}-ssl",
-    backend     => $backend,
-    aliases     => $aliases,
-    require     => $certbot ? {
-      true    => $ensure ? {
+    source          => $source,
+    template        => "${template}-ssl",
+    backend         => $backend,
+    aliases         => $aliases,
+    cache           => $cache,
+    cache_levels    => $cache_levels,
+    cache_size      => $cache_size,
+    cache_inactive  => $cache_inactive,
+    cache_max_size  => $cache_max_size,
+    x_frame_options => $x_frame_options,
+    require        => $certbot ? {
+      true => $ensure ? {
         'present' => Certbot::Manage[$name],
         default   => undef,
       },

diff --git a/manifests/site/config.pp b/manifests/site/config.pp
index 9822795c3f93d09b71bfe8cf015c73c47afd5575..0cdceea3c36b9397313c2907a345b0558a1e98d2 100644 (file)
--- a/manifests/site/config.pp
+++ b/manifests/site/config.pp
@@ -1,10 +1,16 @@
 define nginx::site::config(
-  $server_name = $name,
-  $ensure      = present,
-  $source      = 'template',
-  $template    = 'site',
-  $backend     = 'weblocal',
-  $aliases     = "*.${name}",
+  $server_name     = $name,
+  $ensure          = present,
+  $source          = 'template',
+  $template        = 'site',
+  $backend         = 'weblocal',
+  $aliases         = "*.${name}",
+  $cache           = false,
+  $cache_levels    = '1:2',
+  $cache_size      = '10m',
+  $cache_inactive  = '600s',
+  $cache_max_size  = '1m',
+  $x_frame_options = 'DENY',
 ){
   case $source {
     'file': {

diff --git a/templates/site-ssl.erb b/templates/site-ssl.erb
index 5b9ce040bf3fd1151aad6639c55948bc94bc9bfd..c8529541d05919a2dd12932c9eb8a83d3385ac09 100644 (file)
--- a/templates/site-ssl.erb
+++ b/templates/site-ssl.erb
@@ -15,7 +15,7 @@ server {
   # clickjacking protection
   add_header X-Content-Type-Options nosniff;
   add_header X-XSS-Protection "1; mode=block";
-  add_header X-Frame-Options DENY;
+  add_header X-Frame-Options <%= @x_frame_options %>;
 
   location / {
     # preserve http header and set forwarded proto