Add extraContainers possibility in deployments
Signed-off-by: Benjamin Fernandez [email protected]
Overview

Provide a way to use a sidecar container (for example nginx). This pull request is complementary to the pull request on the dex app: https://github.com/dexidp/dex/pull/2266

We are facing an issue with dex, which seems to be vulnerable to clickjacking. We would like to get a way to configure the Content Security Policy frame-ancestor context to prevent clickjacking.

What this PR does / why we need it

This PR makes it possible to add a proxy sidecar container that enables the configuration of the Content-Security-Policy to prevent clickjacking. By filling in the sidecar container configuration with the specific fields, the application will send CSP headers in responses defining the content security policy. To do so, we try to use an nginx sidecar container, which works really well with the proper headers.

The sidecar container is not required, so if the sidecar container is not set, the sidecar upgrade in the Helm charts will not impact other users.

Special notes for your reviewer

The most critical endpoint for clickjacking is the /dex/auth one (as user interaction is needed to provide credentials), but by default it is a good point to apply the same policy to all endpoints.

Does this PR introduce a user-facing change?

NONE
Checklist
- [x] Change log updated in Chart.yaml (see the contributing guide for details)
- [x] Chart version bumped in Chart.yaml (see the contributing guide for details)
- [x] Documentation regenerated by running make docs
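
One way to check that a proxy sidecar really delivers the anti-framing header this PR is after, written as an added example that is not part of the pull request or the chart. The function names and the sample header sets are constructed for illustration; the verdict logic follows how browsers treat `frame-ancestors`, report-only policies and `X-Frame-Options`.

```python
# Added example (not from the PR): classify a response's anti-framing headers.
WIDE_OPEN = {"*", "http:", "https:"}  # sources that let any site be the parent frame

def frame_ancestors(policy):
    """Return the frame-ancestors source list of one CSP policy, or None if absent."""
    for directive in policy.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]
    return None

def framing_verdict(headers):
    """headers: (name, value) pairs as received; repeated header names are allowed."""
    enforced, report_only, xfo = [], False, ""
    for name, value in headers:
        key = name.lower()
        if key == "content-security-policy":
            # A comma-joined value carries several policies; each one is enforced.
            lists = [frame_ancestors(p) for p in value.split(",")]
            enforced += [fa for fa in lists if fa is not None]
        elif key == "content-security-policy-report-only":
            report_only = report_only or frame_ancestors(value) is not None
        elif key == "x-frame-options":
            xfo = value.strip().upper()
    if enforced:
        # All policies apply, so one restrictive list is enough. Per the CSP
        # specification, X-Frame-Options is ignored once frame-ancestors is enforced.
        strict = any(not WIDE_OPEN & set(fa) for fa in enforced)
        return "protected" if strict else "unprotected"
    if xfo in ("DENY", "SAMEORIGIN"):
        return "legacy-only"  # blocks framing, but cannot name allowed parents
    return "report-only" if report_only else "unprotected"

# Constructed sample responses for /dex/auth (not captured from a real deployment).
SAMPLES = {
    "no sidecar": [("Content-Type", "text/html")],
    "sidecar, enforcing": [("Content-Security-Policy", "frame-ancestors 'none'")],
    "sidecar, report-only": [
        ("Content-Security-Policy-Report-Only", "frame-ancestors 'self'")],
    "wildcard beats XFO": [
        ("Content-Security-Policy", "default-src 'self'; frame-ancestors *"),
        ("X-Frame-Options", "DENY")],
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(f"{label:22} {framing_verdict(hdrs)}")
```

Run the same check against error responses as well as the login page: in nginx, `add_header` only applies to error status codes when the `always` parameter is given.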
@FernandezBenjamin does your ingress controller not support custom headers through annotations?
We don't use an ingress controller.
Hi team, is there any chance to get an update about my request? :) Thanks a lot.