Configuration schema keys for CSP and HSTS

References #263, #264. [#161584215]
2018-10-30 15:54:14 +03:00 · 2018-10-30 15:54:14 +03:00 · 39bbfd83e1
parent 9831e9aee4
commit 39bbfd83e1
3 changed files with 88 additions and 1 deletions
--- a/deps/rabbitmq_management/Makefile
+++ b/deps/rabbitmq_management/Makefile
@ -9,8 +9,11 @@ define PROJECT_ENV
 	    {management_db_cache_multiplier, 5},
 	    {process_stats_gc_timeout, 300000},
 	    {stats_event_max_backlog, 250},
+
 	    {cors_allow_origins, []},
-	    {cors_max_age, 1800}
+	    {cors_max_age, 1800},
+
+	    {content_security_policy, "default-src 'self'"}
 	  ]
 endef

--- a/deps/rabbitmq_management/priv/schema/rabbitmq_management.schema
+++ b/deps/rabbitmq_management/priv/schema/rabbitmq_management.schema
@ -284,6 +284,34 @@ fun(Conf) ->
 end}.


+%% CSP (https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP)
+
+{mapping, "management.csp.policy", "rabbitmq_management.content_security_policy", [
+    {datatype, string}
+]}.
+
+{translation, "rabbitmq_management.content_security_policy",
+fun(Conf) ->
+    case cuttlefish:conf_get("management.csp.policy", Conf, undefined) of
+        undefined -> cuttlefish:unset();
+        Value     -> Value
+    end
+end}.
+
+
+%% HSTS (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security)
+
+{mapping, "management.hsts.policy", "rabbitmq_management.strict_transport_security", [
+    {datatype, string}
+]}.
+
+{translation, "rabbitmq_management.strict_transport_security",
+fun(Conf) ->
+    case cuttlefish:conf_get("management.hsts.policy", Conf, undefined) of
+        undefined -> cuttlefish:unset();
+        Value     -> Value
+    end
+end}.

 %% ===========================================================================

--- a/deps/rabbitmq_management/test/config_schema_SUITE_data/rabbitmq_management.snippets
+++ b/deps/rabbitmq_management/test/config_schema_SUITE_data/rabbitmq_management.snippets
@ -273,6 +273,62 @@
 },


+ %%
+ %% CSP
+ %%
+
+ {csp_policy_case1,
+  "management.csp.policy = default-src 'self'",
+  [
+   {rabbitmq_management, [
+                          {content_security_policy, "default-src 'self'"}
+                         ]}
+  ], [rabbitmq_management]
+ },
+
+ {csp_policy_case2,
+  "management.csp.policy = default-src https://onlinebanking.examplebank.com",
+  [
+   {rabbitmq_management, [
+                          {content_security_policy, "default-src https://onlinebanking.examplebank.com"}
+                         ]}
+  ], [rabbitmq_management]
+ },
+
+ {csp_policy_case3,
+  "management.csp.policy = default-src 'self' *.mailsite.com; img-src *",
+  [
+   {rabbitmq_management, [
+                          {content_security_policy, "default-src 'self' *.mailsite.com; img-src *"}
+                         ]}
+  ], [rabbitmq_management]
+ },
+
+ %%
+ %% HSTS
+ %%
+
+ {hsts_policy_case1,
+  "management.hsts.policy = max-age=31536000; includeSubDomains",
+  [
+   {rabbitmq_management, [
+                          {strict_transport_security, "max-age=31536000; includeSubDomains"}
+                         ]}
+  ], [rabbitmq_management]
+ },
+
+ {csp_and_hsts_combined,
+  "management.csp.policy = default-src 'self' *.mailsite.com; img-src *
+   management.hsts.policy = max-age=31536000; includeSubDomains",
+  [
+   {rabbitmq_management, [
+                          {content_security_policy, "default-src 'self' *.mailsite.com; img-src *"},
+                          {strict_transport_security, "max-age=31536000; includeSubDomains"}
+                         ]}
+  ], [rabbitmq_management]
+ },
+
+
 %%
 %% Legacy listener configuration
 %%