fix(nginx): corrige les CSP

Dockerfile.ui

@@ -16,5 +16,6 @@ COPY ./ /app/
 RUN make build/ui
 
 FROM nginx:1.25.3
-ADD ui_nginx.conf /etc/nginx/templates/default.conf.template
+COPY ui_nginx.conf /etc/nginx/templates/default.conf.template
+COPY ui_nginx_headers.conf /etc/nginx/templates/headers.conf.template
 COPY --from=build-stage /app/packages/ui/dist /usr/share/nginx/html

ui_nginx.conf

@@ -6,8 +6,11 @@ server {
     gzip on;
     gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/rss+xml text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype image/jpeg image/png image/svg+xml image/x-icon;
     
+    include /etc/nginx/conf.d/headers.conf;
+
     location =/ {
         root   /usr/share/nginx/html;
+        include /etc/nginx/conf.d/headers.conf;
         add_header Cache-Control no-cache;
         expires 0;
         try_files /index.html =404;
@@ -21,19 +24,15 @@ server {
 
     location @index {
         root   /usr/share/nginx/html;
+        include /etc/nginx/conf.d/headers.conf;
         add_header Cache-Control no-cache;
         expires 0;
         try_files /index.html =404;
     }
 
-    add_header Content-Security-Policy "default-src 'none'; script-src 'self' ${API_MATOMO_URL} 'sha256-quOgp+M4pH4TUco5DwHuTMyTY9AY+DOk4jkIMuGgSJs='; style-src 'self'; font-src 'self'; object-src 'self'; frame-src 'self'; connect-src 'self' sentry.incubateur.net ${API_MATOMO_URL}; img-src data: 'self' tile.openstreetmap.org a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org tile.openstreetmap.fr a.tile.openstreetmap.fr b.tile.openstreetmap.fr c.tile.openstreetmap.fr geoservices.brgm.fr wxs.ign.fr datacarto.geoguyane.fr gisdata.cerema.fr services.data.shom.fr; base-uri 'none'; form-action 'self'; frame-ancestors 'none';";
-    add_header X-Frame-Options "DENY";
-    add_header X-Content-Type-Options "nosniff";
-    add_header X-XSS-Protection "1; mode=block";
-    add_header Access-Control-Allow-Origin "*";
-    add_header Referrer-Policy "same-origin";
 
     location /apiUrl {
+        include /etc/nginx/conf.d/headers.conf;
         add_header Cache-Control "no-cache";
         rewrite ^/apiUrl/(.*) /$1  break;
         proxy_pass   ${API_URL};
@@ -41,6 +40,7 @@ server {
 
 
     location /stream/version {
+        include /etc/nginx/conf.d/headers.conf;
         add_header Cache-Control "no-cache";
         proxy_set_header Connection '';
         proxy_http_version 1.1;
@@ -49,6 +49,7 @@ server {
     }
 
     location /televersement {
+        include /etc/nginx/conf.d/headers.conf;
         add_header Cache-Control "no-cache";
         proxy_pass   ${API_URL};
     }

ui_nginx_headers.conf

+add_header Content-Security-Policy "default-src 'none'; script-src 'self' ${API_MATOMO_URL} 'sha256-quOgp+M4pH4TUco5DwHuTMyTY9AY+DOk4jkIMuGgSJs='; style-src 'self'; font-src 'self'; object-src 'self'; frame-src 'self'; connect-src 'self' sentry.incubateur.net ${API_MATOMO_URL}; img-src data: 'self' tile.openstreetmap.org a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org tile.openstreetmap.fr a.tile.openstreetmap.fr b.tile.openstreetmap.fr c.tile.openstreetmap.fr geoservices.brgm.fr wxs.ign.fr datacarto.geoguyane.fr gisdata.cerema.fr services.data.shom.fr; base-uri 'none'; form-action 'self'; frame-ancestors 'none';";
+add_header X-Frame-Options "DENY";
+add_header X-Content-Type-Options "nosniff";
+add_header X-XSS-Protection "1; mode=block";
+add_header Access-Control-Allow-Origin "*";
+add_header Referrer-Policy "same-origin";
\ No newline at end of file