From d47e3b4760de3285dec63d888d04a5dd5497f083 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Th=C3=A9o?= <theo@le-filament.com>
Date: Tue, 28 Jun 2022 11:48:34 +0200
Subject: [PATCH] [ADD] allow iframe option

---
 README.md                 | 1 +
 defaults/main.yml         | 3 +++
 templates/traefik.toml.j2 | 2 +-
 3 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 9debc61..95e5a1a 100644
--- a/README.md
+++ b/README.md
@@ -18,6 +18,7 @@ Variables defined in defaults/main.yaml:
 * default_sshd_port: Port on which SSH daemon listens (defaults to 10022)
 * host_user : user used to connect to the server
 * srv_proxy_pass: Password to access proxy protected pages (AUTH defaults to SuperSecureProxyP4$$)
+* allow_iframe: whether iframes are allowed
 
 This role makes use of a few variables which are set in case the target server is part of other groups (but still initialized to false in defaults/main.yml), namely :
 * docker_auth
diff --git a/defaults/main.yml b/defaults/main.yml
index bbd8b3e..fdbd8bd 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -20,3 +20,6 @@ metabase: false
 ## Auth
 ldap_url: "ldap.example.org"
 sso_url: "sso.example.org"
+
+## iframe
+allow_iframe: false
diff --git a/templates/traefik.toml.j2 b/templates/traefik.toml.j2
index e8fddd2..5e704aa 100644
--- a/templates/traefik.toml.j2
+++ b/templates/traefik.toml.j2
@@ -51,7 +51,7 @@
       contentTypeNosniff = true
       referrerPolicy = "same-origin"
       forceSTSHeader = true
-{% if not cloud_onlyoffice %}
+{% if not cloud_onlyoffice and not allow_iframe %}
       frameDeny = true
       customFrameOptionsValue = "SAMEORIGIN"
 {% endif %}
-- 
GitLab