Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-32652

Allow to configure the Content Security Policy with nuxeo.conf parameter

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2025.x, 2021.58, 2023.16
    • Component/s: Web Common
    • Release Notes Summary:
      A new nuxeo.conf property allows to override the default Content Security Policy.
    • Release Notes Description:
      Hide

      Added new nuxeo.conf property to override the default Content Security Policy:

      nuxeo.content.security.policy=img-src data: blob: *; default-src blob: *; script-src 'nonce-dummy' 'unsafe-eval' 'strict-dynamic'; style-src 'unsafe-inline' *; font-src data: *
      Show
      Added new nuxeo.conf property to override the default Content Security Policy: nuxeo.content.security.policy=img-src data: blob: *; default -src blob: *; script-src 'nonce-dummy' 'unsafe-eval' 'strict-dynamic' ; style-src 'unsafe-inline' *; font-src data: *
    • Tags:
    • Team:
      PLATFORM
    • Sprint:
      nxplatform #114, nxplatform #115, nxplatform #116, nxplatform #117
    • Story Points:
      3

      Description

      Currently, the only way to configure the CSP used is through an XML contribution.

      We want to be able to use a nuxeo.conf property such as:

      nuxeo.content.security.policy=img-src data: blob: *; default-src blob: *; script-src 'nonce-dummy' 'unsafe-eval' 'strict-dynamic'; style-src 'unsafe-inline' *; font-src data: *

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: