public/grafana
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
29,898 Commits 655 Branches 650 Tags
7a96df875b7c272f7cf8cd366529ed056eb6a42e
Commit Graph

4 Commits

Author SHA1 Message Date
Grot (@grafanabot)
1e533f37ed Security: Update default CSP template and fix firefox CSP issues (#34836) (#35162) 
* Security: Update default content_security_policy_template
- Add 'strict-dynamic' back to script-src
- Add ws(s)://$ROOT_PATH to connect-src
- Change onEvent to on-event in angular templates to fix CSP issues in firefox.
- Add blob: to style-src

(cherry picked from commit 8143991b94)
 2021-06-03 12:11:14 +01:00
Arve Knudsen
aed1c013c0 CSP: Relax default template wrt. loading of scripts, due to nonces not working (#34363) 
* CSP: Relax default template, due to nonces not working

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* CSP: Add back data: to img-src

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
 2021-05-19 11:37:14 +02:00
Arve Knudsen
d1a9044171 CSP: Allow all image sources by default (#34265) 
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
 2021-05-18 13:41:55 +02:00
Arve Knudsen
50b649a869 Middleware: Add CSP support (#29740) 
* Middleware: Add support for CSP

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

Co-authored by @iOrcohen
 2021-01-12 07:42:32 +01:00