Merge pull request #1036 from sakkiii/grafana-csp

Grafana csp template backward compatible with older browsers
This commit is contained in:
Slavi Pantaleev 2021-05-10 10:09:13 +03:00 committed by GitHub
commit c19508087a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 12 additions and 0 deletions

View File

@ -37,6 +37,13 @@ matrix_grafana_default_admin_password: admin
# [Content Security Policy](https://grafana.com/docs/grafana/latest/administration/configuration/#content_security_policy) # [Content Security Policy](https://grafana.com/docs/grafana/latest/administration/configuration/#content_security_policy)
matrix_grafana_content_security_policy: true matrix_grafana_content_security_policy: true
# specify content security policy template to customized template
# added 'unsafe-inline' (ignored by browsers supporting nonces/hashes) to be backward compatible with older browsers.
# added https: and http: url schemes (ignored by browsers supporting 'strict-dynamic') to be backward compatible with older browsers.
# [Content Security Policy Browser Test] (https://content-security-policy.com/browser-test/)
# [Content Security Policy Reference](https://content-security-policy.com/script-src/)
matrix_grafana_content_security_policy_customized: true
# A list of extra arguments to pass to the container # A list of extra arguments to pass to the container
matrix_grafana_container_extra_arguments: [] matrix_grafana_container_extra_arguments: []

View File

@ -8,6 +8,11 @@ admin_password = """{{ matrix_grafana_default_admin_password }}"""
# specify content_security_policy to add the Content-Security-Policy header to your requests # specify content_security_policy to add the Content-Security-Policy header to your requests
content_security_policy = "{{ matrix_grafana_content_security_policy }}" content_security_policy = "{{ matrix_grafana_content_security_policy }}"
# specify content security policy template to customized template
{% if matrix_grafana_content_security_policy_customized %}
content_security_policy_template = """script-src http: https: 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' $NONCE;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data:;base-uri 'self';connect-src 'self' grafana.com;manifest-src 'self';media-src 'none';form-action 'self';"""
{% endif %}
[auth.anonymous] [auth.anonymous]
# enable anonymous access # enable anonymous access
enabled = {{ matrix_grafana_anonymous_access }} enabled = {{ matrix_grafana_anonymous_access }}