feat: create an exception to embed iframe for peertube

roles/nginx/tasks/main.yml

@@ -20,6 +20,7 @@
   loop:
     - {src: nginx.conf.j2, dest: /etc/nginx/nginx.conf}
     - {src: nginx.ssl.conf.j2, dest: /etc/nginx/nginx.ssl.conf}
+    - {src: nginx.other_headers.conf.j2, dest: /etc/nginx/nginx.other_headers.conf}
     - {src: fastcgi_params.j2, dest: /etc/nginx/fastcgi_params}
     - {src: proxy_params.j2, dest: /etc/nginx/proxy_params}
     - {src: default.j2, dest: /etc/nginx/sites-available/default}

roles/nginx/templates/nginx.conf.j2

@@ -54,6 +54,9 @@ http {
 	gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml;
 	
 	include nginx.ssl.conf;
+{% if inventory_hostname != 'pt1.dmz.mateu.be' %}
+	include nginx.other_headers.conf;
+{% endif %}
 
 	## FLoC off Google!
 	add_header Permissions-Policy interest-cohort=();

roles/nginx/templates/nginx.other_headers.conf.j2

@@ -0,0 +1,4 @@
+	# Other security headers
+	add_header X-Frame-Options "SAMEORIGIN" always;
+	add_header X-Xss-Protection "1; mode=block" always;
+	add_header X-Content-Type-Options "nosniff" always;

roles/nginx/templates/nginx.ssl.conf.j2

@@ -24,8 +24,3 @@
 
 	## verify chain of trust of OCSP response using Root CA and Intermediate certs
 	ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
-
-	# Other security headers
-	add_header X-Frame-Options "SAMEORIGIN" always;
-	add_header X-Xss-Protection "1; mode=block" always;
-	add_header X-Content-Type-Options "nosniff" always;