Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

allow configuration of Content-Security-Policy #8213

Closed
wkloucek opened this issue Jan 16, 2024 · 2 comments
Closed

allow configuration of Content-Security-Policy #8213

wkloucek opened this issue Jan 16, 2024 · 2 comments
Labels
Category:Enhancement Add new functionality

Comments

@wkloucek
Copy link
Contributor

Is your feature request related to a problem? Please describe.

With the Web Embed mode, we actually need to set the Content-Security-Policy header.

Describe the solution you'd like

Similar to the oCIS CORS options there is a Content-Security-Policy option.

Describe alternatives you've considered

Leverage a reverse proxy that configures the Content-Security-Policy option.

That will be most of the time not be granular but a general rule like eg in nginx

more_set_headers "Content-Security-Policy: frame-ancestors 'self' https://foo.bar;";

Additional context
@wkloucek wkloucek added the Category:Enhancement Add new functionality label Jan 16, 2024
@wkloucek
Copy link
Contributor Author

wkloucek commented Apr 8, 2024

see:

@wkloucek
Copy link
Contributor Author

wkloucek commented Jun 8, 2024

Probably already implemented, need to reevaluate

@wkloucek wkloucek closed this as completed Jun 8, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Category:Enhancement Add new functionality
Projects
Infinite Scale Team Board
Archived in project
Milestone
No milestone
Development

No branches or pull requests
1 participant
@wkloucek