updated headers for each of the call services.

roles/custom/matrix-element-call/defaults/main.yml

@@ -75,27 +75,27 @@ matrix_element_call_systemd_required_services_list: "{{ [devture_systemd_docker_
 # Learn more about it is here:
 # - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
 # - https://portswigger.net/web-security/cross-site-scripting/reflected
-matrix_element_call_http_header_xss_protection: "1; mode=block"
+#matrix_element_call_http_header_xss_protection: "1; mode=block"
 
 # Specifies the value of the `X-Frame-Options` header which controls whether framing can happen.
 # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
-matrix_element_call_http_header_frame_options: SAMEORIGIN
+#matrix_element_call_http_header_frame_options: SAMEORIGIN
 
 # Specifies the value of the `X-Content-Type-Options` header.
 # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
-matrix_element_call_http_header_content_type_options: nosniff
+#matrix_element_call_http_header_content_type_options: nosniff
 
 # Specifies the value of the `Content-Security-Policy` header.
 # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
-matrix_element_call_http_header_content_security_policy: frame-ancestors 'self'
+#matrix_element_call_http_header_content_security_policy: frame-ancestors 'self'
 
 # Specifies the value of the `Permission-Policy` header.
 # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permission-Policy
-matrix_element_call_http_header_content_permission_policy: "{{ 'interest-cohort=()' if matrix_element_call_floc_optout_enabled else '' }}"
+#matrix_element_call_http_header_content_permission_policy: "{{ 'interest-cohort=()' if matrix_element_call_floc_optout_enabled else '' }}"
 
 # Specifies the value of the `Strict-Transport-Security` header.
 # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
-matrix_element_call_http_header_strict_transport_security: "max-age=31536000; includeSubDomains{{ '; preload' if matrix_element_call_hsts_preload_enabled else '' }}"
+#matrix_element_call_http_header_strict_transport_security: "max-age=31536000; includeSubDomains{{ '; preload' if matrix_element_call_hsts_preload_enabled else '' }}"
 
 # Controls whether to send a "Permissions-Policy interest-cohort=();" header along with all responses
 #
@@ -106,7 +106,7 @@ matrix_element_call_http_header_strict_transport_security: "max-age=31536000; in
 #
 # Of course, a better solution is to just stop using browsers (like Chrome), which participate in such tracking practices.
 # See: `matrix_element_call_content_permission_policy`
-matrix_element_call_floc_optout_enabled: true
+#matrix_element_call_floc_optout_enabled: true
 
 # Controls if HSTS preloading is enabled
 #
@@ -118,7 +118,7 @@ matrix_element_call_floc_optout_enabled: true
 # - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
 # - https://hstspreload.org/#opt-in
 # See: `matrix_element_call_http_header_strict_transport_security`
-matrix_element_call_hsts_preload_enabled: false
+matrix_element_call_hsts_preload_enabled: true
 
 # Enable or disable metrics collection
 matrix_element_call_metrics_enabled: false

roles/custom/matrix-jwt-service/defaults/main.yml

@@ -71,27 +71,27 @@ matrix_jwt_service_systemd_required_services_list: "{{ [devture_systemd_docker_b
 # Learn more about it is here:
 # - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
 # - https://portswigger.net/web-security/cross-site-scripting/reflected
-matrix_jwt_service_http_header_xss_protection: "1; mode=block"
+#matrix_jwt_service_http_header_xss_protection: "1; mode=block"
 
 # Specifies the value of the `X-Frame-Options` header which controls whether framing can happen.
 # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
-matrix_jwt_service_http_header_frame_options: SAMEORIGIN
+#matrix_jwt_service_http_header_frame_options: SAMEORIGIN
 
 # Specifies the value of the `X-Content-Type-Options` header.
 # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
-matrix_jwt_service_http_header_content_type_options: nosniff
+#matrix_jwt_service_http_header_content_type_options: nosniff
 
 # Specifies the value of the `Content-Security-Policy` header.
 # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
-matrix_jwt_service_http_header_content_security_policy: frame-ancestors 'self'
+#matrix_jwt_service_http_header_content_security_policy: frame-ancestors 'self'
 
 # Specifies the value of the `Permission-Policy` header.
 # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permission-Policy
-matrix_jwt_service_http_header_content_permission_policy: "{{ 'interest-cohort=()' if matrix_jwt_service_floc_optout_enabled else '' }}"
+#matrix_jwt_service_http_header_content_permission_policy: "{{ 'interest-cohort=()' if matrix_jwt_service_floc_optout_enabled else '' }}"
 
 # Specifies the value of the `Strict-Transport-Security` header.
 # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
-matrix_jwt_service_http_header_strict_transport_security: "max-age=31536000; includeSubDomains{{ '; preload' if matrix_jwt_service_hsts_preload_enabled else '' }}"
+#matrix_jwt_service_http_header_strict_transport_security: "max-age=31536000; includeSubDomains{{ '; preload' if matrix_jwt_service_hsts_preload_enabled else '' }}"
 
 # Controls whether to send a "Permissions-Policy interest-cohort=();" header along with all responses
 #
@@ -102,7 +102,7 @@ matrix_jwt_service_http_header_strict_transport_security: "max-age=31536000; inc
 #
 # Of course, a better solution is to just stop using browsers (like Chrome), which participate in such tracking practices.
 # See: `matrix_jwt_service_content_permission_policy`
-matrix_jwt_service_floc_optout_enabled: true
+#matrix_jwt_service_floc_optout_enabled: true
 
 # Controls if HSTS preloading is enabled
 #

roles/custom/matrix-livekit-server/defaults/main.yml

@@ -69,27 +69,27 @@ matrix_livekit_server_systemd_required_services_list: "{{ [devture_systemd_docke
 # Learn more about it is here:
 # - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
 # - https://portswigger.net/web-security/cross-site-scripting/reflected
-matrix_livekit_server_http_header_xss_protection: "1; mode=block"
+#matrix_livekit_server_http_header_xss_protection: "1; mode=block"
 
 # Specifies the value of the `X-Frame-Options` header which controls whether framing can happen.
 # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
-matrix_livekit_server_http_header_frame_options: SAMEORIGIN
+#matrix_livekit_server_http_header_frame_options: SAMEORIGIN
 
 # Specifies the value of the `X-Content-Type-Options` header.
 # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
-matrix_livekit_server_http_header_content_type_options: nosniff
+#matrix_livekit_server_http_header_content_type_options: nosniff
 
 # Specifies the value of the `Content-Security-Policy` header.
 # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
-matrix_livekit_server_http_header_content_security_policy: frame-ancestors 'self'
+#matrix_livekit_server_http_header_content_security_policy: frame-ancestors 'self'
 
 # Specifies the value of the `Permission-Policy` header.
 # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permission-Policy
-matrix_livekit_server_http_header_content_permission_policy: "{{ 'interest-cohort=()' if matrix_livekit_server_floc_optout_enabled else '' }}"
+#matrix_livekit_server_http_header_content_permission_policy: "{{ 'interest-cohort=()' if matrix_livekit_server_floc_optout_enabled else '' }}"
 
 # Specifies the value of the `Strict-Transport-Security` header.
 # See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
-matrix_livekit_server_http_header_strict_transport_security: "max-age=31536000; includeSubDomains{{ '; preload' if matrix_livekit_server_hsts_preload_enabled else '' }}"
+#matrix_livekit_server_http_header_strict_transport_security: "max-age=31536000; includeSubDomains{{ '; preload' if matrix_livekit_server_hsts_preload_enabled else '' }}"
 
 # Controls whether to send a "Permissions-Policy interest-cohort=();" header along with all responses
 #
@@ -100,7 +100,7 @@ matrix_livekit_server_http_header_strict_transport_security: "max-age=31536000;
 #
 # Of course, a better solution is to just stop using browsers (like Chrome), which participate in such tracking practices.
 # See: `matrix_livekit_server_content_permission_policy`
-matrix_livekit_server_floc_optout_enabled: true
+#matrix_livekit_server_floc_optout_enabled: true
 
 # Controls if HSTS preloading is enabled
 #
@@ -112,4 +112,4 @@ matrix_livekit_server_floc_optout_enabled: true
 # - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
 # - https://hstspreload.org/#opt-in
 # See: `matrix_livekit_server_http_header_strict_transport_security`
-matrix_livekit_server_hsts_preload_enabled: false
+matrix_livekit_server_hsts_preload_enabled: true

roles/custom/matrix-livekit-server/templates/livekit.yaml.j2

@@ -5,7 +5,7 @@ rtc:
   tcp_port: 7881
   port_range_start: 50100
   port_range_end: 50200
-  use_external_ip: false
+  use_external_ip: true
 
 turn:
   enabled: false