From 1919358cb3b05f09bceff9a904e9607760bc3fb1 Mon Sep 17 00:00:00 2001
From: Marco Donadoni <marco.donadoni@cern.ch>
Date: Mon, 18 Nov 2024 17:02:52 +0100
Subject: [PATCH] feat(config): make APP_DEFAULT_SECURE_HEADERS customisable
 (#713)

Allow customisation of the `APP_DEFAULT_SECURE_HEADERS_ configuration
value, to be able to configure Flask-Talisman's security mechanisms.
---
 reana_server/config.py | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/reana_server/config.py b/reana_server/config.py
index 7af41247..1c6841af 100644
--- a/reana_server/config.py
+++ b/reana_server/config.py
@@ -210,6 +210,14 @@ def _(x):
 PROXYFIX_CONFIG = json.loads(os.getenv("PROXYFIX_CONFIG", '{"x_proto": 1}'))
 
 APP_DEFAULT_SECURE_HEADERS["content_security_policy"] = {}
+APP_DEFAULT_SECURE_HEADERS.update(
+    json.loads(os.getenv("APP_DEFAULT_SECURE_HEADERS", "{}"))
+)
+if "REANA_FORCE_HTTPS" in os.environ:
+    APP_DEFAULT_SECURE_HEADERS["force_https"] = bool(
+        strtobool(os.getenv("REANA_FORCE_HTTPS"))
+    )
+
 APP_HEALTH_BLUEPRINT_ENABLED = False