From cb57621b33a040f67bc7c4c08bc14ec8c3d91221 Mon Sep 17 00:00:00 2001
From: AnsibleGuy <guy@ansibleguy.net>
Date: Mon, 6 Dec 2021 23:55:45 +0100
Subject: [PATCH] updated setting/header overwrite

---
 README.md                                        |  7 +++++++
 defaults/main.yml                                |  1 +
 .../etc/apache2/sites-available/site.conf.j2     | 16 ++++++++++------
 3 files changed, 18 insertions(+), 6 deletions(-)

diff --git a/README.md b/README.md
index 7dd3667..b5b0d15 100644
--- a/README.md
+++ b/README.md
@@ -62,6 +62,13 @@ This will also be done automatically if no domain is supplied.
 
 * **Warning:** Not every setting/variable you provide will be checked for validity. Bad config might break the role!
 
+
+* **Warning:** If you run a web application you might need to disable the 'Content-Security-Policy' header!
+
+
+* **Info:** To disable default settings and headers => just set their value to: ''
+
+
 ## Requirements
 
 * Community collection and certificate role: ```ansible-galaxy install -r requirements.yml```
diff --git a/defaults/main.yml b/defaults/main.yml
index 30a7e79..3c9ea5a 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -187,3 +187,4 @@ apache_config_graylist: [
     'ServerAlias', 'ServerName', 'Redirect'
 ]
 force_removal: false
+NONE_VALUES: [none, '', ' ']
diff --git a/templates/etc/apache2/sites-available/site.conf.j2 b/templates/etc/apache2/sites-available/site.conf.j2
index 24b939f..3be1932 100644
--- a/templates/etc/apache2/sites-available/site.conf.j2
+++ b/templates/etc/apache2/sites-available/site.conf.j2
@@ -66,7 +66,7 @@
 {% if APACHE_CONFIG.config | length > 0 %}
   # global config
 {% for setting, value in APACHE_CONFIG.config.items() %}
-{%   if setting not in apache_config_graylist %}
+{%   if setting not in apache_config_graylist and value not in NONE_VALUES %}
   {{ setting }} {{ value }}
 {%   endif %}
 {% endfor %}
@@ -75,7 +75,7 @@
 {% if site.config | length > 0 %}
   # site-specific config
 {% for setting, value in site.config.items() %}
-{%   if setting not in apache_config_graylist %}
+{%   if setting not in apache_config_graylist and value not in NONE_VALUES %}
   {{ setting }} {{ value }}
 {%   endif %}
 {% endfor %}
@@ -85,10 +85,12 @@
   # global headers
   <IfModule mod_headers.c>
 {%   for header, value in APACHE_CONFIG.headers.items() %}
-{%     if 'Header' in header %}
+{%     if header not in site.headers and value not in NONE_VALUES %}
+{%       if 'Header' in header %}
     {{ header }} {{ value }}
-{%     else %}
+{%       else %}
     Header set {{ header }} {{ value }}
+{%       endif %}
 {%     endif %}
 {%   endfor %}
 
@@ -99,10 +101,12 @@
   # site-specific headers
   <IfModule mod_headers.c>
 {%   for header, value in site.headers.items() %}
-{%     if 'Header' in header %}
+{%     if value not in NONE_VALUES %}
+{%       if 'Header' in header %}
     {{ header }} {{ value }}
-{%     else %}
+{%       else %}
     Header set {{ header }} {{ value }}
+{%       endif %}
 {%     endif %}
 {%   endfor %}