Xela

Oct 12, 2017
Hi there,
Today I successfully implemented the security headers for:

• X-Content-Type-Options
• X-XSS-Protection
• Referrer-Policy
• Strict-Transport-Security

But the last two headers, Content-Security-Policy and X-Frame-Options, have been breaking my head all afternoon.
For X-Frame-Options I tried all possibilities, but it seems that once this is set the shell is not working anymore; the same goes for the Content-Security-Policy. Is there a recommendation for these two headers for Proxmox?
 
X-Frame-Options
SAMEORIGIN: the shell is gray, nothing happens
ALLOW-FROM https://example.com/
I tried localhost, localhost:8006, 127.0.0.1, 127.0.0.1:8006, also port 5900, URL, public IP, etc.
Every time I enable that header the shell in Proxmox stays gray, and I have to disable the header again.
 
Hey,

I know it's a little bit late but in case anyone is seeing this who is having the same problem:
I had the same problem today and found a solution. When defining the 'Content-Security-Policy' you have to make sure you're setting the two values 'unsafe-eval' and 'unsafe-inline' in order to access Proxmox.

My Complete CSP String:
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' fonts.gstatic.com data:; media-src *; connect-src *; object-src 'none'; base-uri 'self';

From this point on you should be able to access Proxmox.
The next problem I had was: I couldn't connect to the NoVNC Consoles.
Make sure you've set these 3 Parameters in your location{} part:
proxy_set_header Host $host;
proxy_set_header Connection "";
proxy_set_header Upgrade $http_upgrade;

If anyone needs some more help or wants to see my complete NGINX Configuration, please let me know.
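
An added example, not part of the post above and not Proxmox or NGINX code: a small Python audit that parses the posted CSP string and lists which directives are permissive ('unsafe-inline', 'unsafe-eval', wildcard sources) and whether frame-ancestors, the CSP counterpart of X-Frame-Options, is set. The function names and finding texts are this example's own.

```python
# Added example: audit a Content-Security-Policy string for permissive sources.
# Function names and finding texts are hypothetical, not from any existing tool.

# CSP string copied from the post above.
POSTED_CSP = (
    "default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; "
    "style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; "
    "font-src 'self' fonts.gstatic.com data:; media-src *; connect-src *; "
    "object-src 'none'; base-uri 'self';"
)

RISKY_KEYWORDS = {"'unsafe-inline'", "'unsafe-eval'"}


def parse_csp(policy):
    """Split a policy into {directive: [sources]}; a repeated directive is ignored."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if not tokens:
            continue
        # Directive names are case-insensitive; the first occurrence wins.
        directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives


def audit_csp(policy):
    """Return a sorted list of (directive, finding) tuples."""
    directives = parse_csp(policy)
    findings = []
    for name, sources in directives.items():
        for src in sources:
            if src.lower() in RISKY_KEYWORDS:
                findings.append((name, src.lower() + " weakens injection protection"))
            elif src == "*":
                findings.append((name, "wildcard allows any origin"))
    # frame-ancestors does not fall back to default-src, so it must be
    # set explicitly if the policy is meant to restrict framing.
    if "frame-ancestors" not in directives:
        findings.append(("frame-ancestors", "not set; framing is not restricted by CSP"))
    return sorted(findings)


if __name__ == "__main__":
    for directive, finding in audit_csp(POSTED_CSP):
        print(f"{directive}: {finding}")
```
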
 
greetings...

How do I define the 'Content Security Policy' for Proxmox?

In which part should I look to define the CSP?

Thanks.
 
Hi!

I believe nginx and haproxy, as reverse proxies, will allow you to add or replace headers, including CSP.

Thanks
 
