🐛fix CSP frame-ancestors for dynamic-sidecar services

[GitHK]

What do these changes do?

Services like JupyterLab when running inside an iframe might also try to display an iframe (for example to display the Voila preview).

Related issue/s

How to test

Checklist

[codecov]

Codecov Report

Merging #2977 (51cb117) into master (d2d1348) will increase coverage by 0.2%.
The diff coverage is n/a.

@@           Coverage Diff            @@
##           master   #2977     +/-   ##
========================================
+ Coverage    80.4%   80.7%   +0.2%     
========================================
  Files         326     558    +232     
  Lines       16358   25636   +9278     
  Branches     2044    3392   +1348     
========================================
+ Hits        13161   20699   +7538     
- Misses       2723    4169   +1446     
- Partials      474     768    +294     

Flag	Coverage Δ
integrationtests	65.7% <ø> (+<0.1%)	⬆️
unittests	75.9% <ø> (+1.9%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
...ules/dynamic_sidecar/docker_service_specs/proxy.py	100.0% <ø> (ø)
...ector_v2/modules/comp_scheduler/background_task.py	83.3% <0.0%> (-8.4%)	⬇️
...mcore_service_webserver/garbage_collector_utils.py	79.4% <0.0%> (-3.0%)	⬇️
...rector_v2/modules/comp_scheduler/base_scheduler.py	86.7% <0.0%> (-1.9%)	⬇️
...e_service_director_v2/modules/dask_clients_pool.py	92.4% <0.0%> (-1.6%)	⬇️
...imcore_service_webserver/garbage_collector_core.py	68.2% <0.0%> (-0.7%)	⬇️
...ice-library/src/servicelib/aiohttp/rest_routing.py	78.0% <0.0%> (ø)
...ces/director/src/simcore_service_director/utils.py	100.0% <0.0%> (ø)
...ages/models-library/src/models_library/clusters.py	100.0% <0.0%> (ø)
...dels-library/src/models_library/app_diagnostics.py	100.0% <0.0%> (ø)
... and 281 more

[pcrespov]

Don't you need commas between these two values?

I see other entries of traefik that requires that ... for instance

osparc-simcore/services/director-v2/src/simcore_service_director_v2/modules/dynamic_sidecar/docker_service_specs/proxy.py

Line 57 in dd94393

f"traefik.http.middlewares.{scheduler_data.proxy_service_name}-security-headers.headers.accessControlAllowOriginList": ",".join(

[pcrespov]

Q: scheduler_data.node_uuid}.services.{scheduler_data.request_dns} is the entrypoint of a dynamic services, right? I see that the project id is not used for that. Does this assume that nodes have universal identifiers? i.e. two projects cannot include a node with the same NodeID as dynamic service ..

[GitHK]

Yes, that is exactly the entrypoint and we are saying to CSP that it can start iframes, to allow for iframe in iframes.

Yes, that is the same assumption as the legacy services!

[pcrespov]

@GitHK @sanderegg OK, just for the record:
it would be good to identify dynamic services with something more than the node UUID (e.g. project_uuid/node_uuid)

We would like to guarantee the node-uuid uniquenes only within the scope of its project. That would help us a lot on:

• simplifies duplication of projects
• simplifies caching in metamodling iterations
• ...

See #2133 for more details

[sanderegg]

ok, we need to discuss whether the project_id should be added. But I guess this can done in a separate PR