diff --git a/charts/owncloud/README.md b/charts/owncloud/README.md
index 30fa87e..28298f6 100644
--- a/charts/owncloud/README.md
+++ b/charts/owncloud/README.md
@@ -112,7 +112,7 @@ A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an | owncloud.debug | bool | `false` | Place this ownCloud instance into debugging mode (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#place-this-owncloud-instance-into-debugging-mode)). | | owncloud.defaultApp | string | `""` | Define the default app to open on user login (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-the-default-app-to-open-on-user-login)). | | owncloud.defaultLanguage | string | `"en"` | Define the default language of your ownCloud instance (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-the-default-language-of-your-owncloud-instance)). | -| owncloud.domain | string | localhost | Base domain used in `{{ .Values.owncloud.overwriteCliUrl }}` by default. | +| owncloud.domain | string | `"owncloud.chart.example"` | Base domain used in `{{ .Values.owncloud.overwriteCliUrl }}` by default. | | owncloud.enableAvatars | string | `""` | Enable or disable avatars or user profile photos (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#enable-or-disable-avatars-or-user-profile-photos)). | | owncloud.enableCertificateManagement | string | `""` | Allow the configuration of system-wide trusted certificates (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#allow-the-configuration-of-system-wide-trusted-certificates)). 
| | owncloud.enableOidcRewriteUrl | string | `"false"` | Rewrites OpenID Connect wellknown URL `.well-known/openid-configuration` to the ownCloud OIDC configuration endpoint (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/user/oidc/oidc.html#set-up-service-discovery)). | 
@@ -240,6 +240,7 @@ A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an | owncloud.tokenAuthEnforced | string | `""` | Enforce token only authentication for apps and clients connecting to ownCloud (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#enforce-token-only-authentication-for-apps-and-clients-connecting-to-owncloud)). | | owncloud.trashbin.purgeLimit | string | `""` | Define the trashbin purge limit (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-the-trashbin-purge-limit)). | | owncloud.trashbin.retentionObligation | string | `""` | Define the trashbin retention obligation (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-the-trashbin-retention-obligation)). | +| owncloud.trustedDomains | list | `["localhost"]` | List of trusted domains to prevent host header poisoning (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-list-of-trusted-domains-that-users-can-log-into)). The value from `{{ .Values.owncloud.overwriteCliUrl }}` is added to the list automatically. | | owncloud.trustedProxies | string | `""` | Define list of trusted proxy servers (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-list-of-trusted-proxy-servers)). | | owncloud.updateChecker | string | `""` | Enable or disable updatechecker (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#enable-or-disable-updatechecker)). 
| | owncloud.updaterServerUrl | string | `""` | Define the updatechecker URL (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-the-updatechecker-url)). | diff --git a/charts/owncloud/templates/_helpers.tpl b/charts/owncloud/templates/_helpers.tpl index 7249ef2..d71e424 100644 --- a/charts/owncloud/templates/_helpers.tpl +++ b/charts/owncloud/templates/_helpers.tpl @@ -30,6 +30,20 @@ Create chart name and version as used by the chart label. {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} {{- end }} +{{/* +ownCloud trusted domains list. +*/}} +{{- define "owncloud.trustedDomains" -}} +{{- $domains := list -}} +{{- with .Values.owncloud.domain -}} +{{- $domains = append $domains . -}} +{{- end -}} +{{- with .Values.owncloud.trustedDomains -}} +{{- $domains = concat $domains . -}} +{{- end -}} +{{- $domains | join "," }} +{{- end }} + {{/* Common labels */}} diff --git a/charts/owncloud/templates/deployment.yaml b/charts/owncloud/templates/deployment.yaml index 1fa9c48..c2098ab 100644 --- a/charts/owncloud/templates/deployment.yaml +++ b/charts/owncloud/templates/deployment.yaml @@ -122,6 +122,8 @@ spec: value: {{ .Values.owncloud.defaultLanguage | quote }} - name: OWNCLOUD_DOMAIN value: {{ .Values.owncloud.domain | quote }} + - name: OWNCLOUD_TRUSTED_DOMAINS + value: {{ include "owncloud.trustedDomains" . }} - name: OWNCLOUD_ENABLED_PREVIEW_PROVIDERS value: {{ .Values.owncloud.enabledPreviewProviders | quote }} - name: OWNCLOUD_ENABLE_AVATARS diff --git a/charts/owncloud/values.yaml b/charts/owncloud/values.yaml index c0ff921..03f7d66 100644 --- a/charts/owncloud/values.yaml +++ b/charts/owncloud/values.yaml 
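Review bot: The `owncloud.trustedDomains` helper appends `.Values.owncloud.domain`, while the values.yaml comment and the README row added in this commit say the value from `overwriteCliUrl` is added automatically. If `overwriteCliUrl` can be set to a host other than the domain (the docs describe the domain only as its default), that host would not end up in the trusted list and requests to it would presumably be rejected. Either derive the entry from `overwriteCliUrl` or reword the description to `The value of owncloud.domain is added to the list automatically.` The helper comment could also state that it renders a comma-separated string, and `{{- $domains | uniq | join "," }}` would avoid duplicate entries when the domain is also listed in `trustedDomains`.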
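Review bot: The new `OWNCLOUD_TRUSTED_DOMAINS` value is rendered without `| quote`, unlike the `OWNCLOUD_DOMAIN` entry directly above it. When both `owncloud.domain` and `owncloud.trustedDomains` are empty the helper yields nothing and the manifest carries `value:` as a YAML null, and an entry that begins with a YAML-significant character such as `*` would fail to parse or be misread. Suggest `value: {{ include "owncloud.trustedDomains" . | quote }}` so the allow-list reaches the container exactly as configured. The env list continues outside the hunk.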
@@ -97,8 +97,10 @@ owncloud: # -- Define the default language of your ownCloud instance (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-the-default-language-of-your-owncloud-instance)). defaultLanguage: "en" # -- Base domain used in `{{ .Values.owncloud.overwriteCliUrl }}` by default. - # @default -- localhost domain: "owncloud.chart.example" + # -- List of trusted domains to prevent host header poisoning (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-list-of-trusted-domains-that-users-can-log-into)). The value from `{{ .Values.owncloud.overwriteCliUrl }}` is added to the list automatically. + trustedDomains: + - "localhost" # -- Define preview providers (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#define-preview-providers)). enabledPreviewProviders: "" # -- Enable or disable avatars or user profile photos (see [documentation](https://doc.owncloud.com/server/latest/admin_manual/configuration/server/config_sample_php_parameters.html#enable-or-disable-avatars-or-user-profile-photos)).
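Review bot: The default `trustedDomains` list contains `localhost`, so every install trusts a `Host: localhost` header in addition to the configured domain, which widens the allow-list this setting is meant to keep narrow. If that entry is required, for instance by health probes or in-pod tooling that this hunk does not show, the comment should say so, e.g. `# "localhost" is kept for in-cluster probes; remove it if unused.` Otherwise consider defaulting to `trustedDomains: []` and letting the helper contribute only `owncloud.domain`.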