From 182610ff527d2f65401fc9eff175b7a8dbded57f Mon Sep 17 00:00:00 2001
From: Luis-Hebendanz <consulting@qube.email>
Date: Sun, 17 Mar 2024 18:18:21 +0700
Subject: [PATCH] Set the nginx Content-Security-Policy header to allow
 embedding the Gitea instance in an iframe on the pad.lassul.us instance.

---
 modules/web01/gitea/default.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/modules/web01/gitea/default.nix b/modules/web01/gitea/default.nix
index eaede03..65e5f2d 100644
--- a/modules/web01/gitea/default.nix
+++ b/modules/web01/gitea/default.nix
@@ -36,8 +36,10 @@
   services.nginx.virtualHosts."git.clan.lol" = {
     forceSSL = true;
     enableACME = true;
+    # The add_header directive is used to set the Content-Security-Policy header to allow embedding the Gitea instance in an iframe on the pad.lassul.us instance.
     locations."/".extraConfig = ''
       proxy_pass http://localhost:3002;
+      add_header Content-Security-Policy "frame-ancestors 'self' https://pad.lassul.us";
     '';
   };
 }