disallow my sites from being iframed [ci skip]

2026-01-18 13:41:20 +00:00 · 2026-01-18 13:41:20 +00:00 · c17b481346
commit c17b481346
parent 8da263bf43
1 changed files with 2 additions and 0 deletions
--- a/modules/kubernetes/ingress_factory/main.tf
+++ b/modules/kubernetes/ingress_factory/main.tf
@ -119,6 +119,8 @@ resource "kubernetes_ingress_v1" "proxied-ingress" {
      "nginx.ingress.kubernetes.io/configuration-snippet" = <<-EOF
      limit_req_status 429;
      limit_conn_status 429;
+      # Prevent iframe embedding (clickjacking protection) - allow subdomains only
+      add_header Content-Security-Policy "frame-ancestors 'self' *.viktorbarzin.me viktorbarzin.me" always;
      ${var.rybbit_site_id != null ? <<-JS
        # Rybbit Analytics
        # Only modify HTML