[NXP-32652] Allow to configure the Content Security Policy with nuxeo.conf parameter - Nuxeo Issue Tracker

XML

Word

Printable

Details

Type: Improvement
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2025.x, 2021.58, 2023.16
Component/s: Web Common

Release Notes Summary:
A new nuxeo.conf property allows to override the default Content Security Policy.
Release Notes Description:
Hide

Added new nuxeo.conf property to override the default Content Security Policy:

nuxeo.content.security.policy=img-src data: blob: *; default-src blob: *; script-src 'nonce-dummy' 'unsafe-eval' 'strict-dynamic'; style-src 'unsafe-inline' *; font-src data: *
Show
Added new nuxeo.conf property to override the default Content Security Policy: nuxeo.content.security.policy=img-src data: blob: *; default -src blob: *; script-src 'nonce-dummy' 'unsafe-eval' 'strict-dynamic' ; style-src 'unsafe-inline' *; font-src data: *
Tags:
- nxplatform
Team:
PLATFORM
Sprint:
nxplatform #114, nxplatform #115, nxplatform #116, nxplatform #117
Story Points:
3

Description

Currently, the only way to configure the CSP used is through an XML contribution.

We want to be able to use a nuxeo.conf property such as:

nuxeo.content.security.policy=img-src data: blob: *; default-src blob: *; script-src 'nonce-dummy' 'unsafe-eval' 'strict-dynamic'; style-src 'unsafe-inline' *; font-src data: *

Attachments

Activity

People

Assignee:

Thomas Roger

Reporter:

Thomas Roger

Participants:

Jenkins, Thomas Roger

Votes:

0 Vote for this issue

Watchers:

2 Start watching this issue

Dates

Created:

2024-05-28 15:01

Updated:

2024-08-12 09:56

Resolved:

2024-07-22 13:04