grafana CSP backward compatible with older browsers

This commit is contained in:
sakkiii 2021-05-05 22:12:56 +05:30
parent d4d1e2e922
commit 303de935d5
2 changed files with 11 additions and 0 deletions

View File

@ -37,6 +37,11 @@ matrix_grafana_default_admin_password: admin
# [Content Security Policy](https://grafana.com/docs/grafana/latest/administration/configuration/#content_security_policy) # [Content Security Policy](https://grafana.com/docs/grafana/latest/administration/configuration/#content_security_policy)
matrix_grafana_content_security_policy: true matrix_grafana_content_security_policy: true
# specify content security policy template to customized template
# added 'unsafe-inline' (ignored by browsers supporting nonces/hashes) to be backward compatible with older browsers.
# added https: and http: url schemes (ignored by browsers supporting 'strict-dynamic') to be backward compatible with older browsers.
matrix_grafana_content_security_policy_customized: true
# A list of extra arguments to pass to the container # A list of extra arguments to pass to the container
matrix_grafana_container_extra_arguments: [] matrix_grafana_container_extra_arguments: []

View File

@ -8,6 +8,12 @@ admin_password = """{{ matrix_grafana_default_admin_password }}"""
# specify content_security_policy to add the Content-Security-Policy header to your requests # specify content_security_policy to add the Content-Security-Policy header to your requests
content_security_policy = "{{ matrix_grafana_content_security_policy }}" content_security_policy = "{{ matrix_grafana_content_security_policy }}"
# specify content security policy template to customized template
{% if matrix_synapse_metrics_enabled %}
content_security_policy_template = """script-src http: https: 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' $NONCE;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data:;base-uri 'self';connect-src 'self' grafana.com;manifest-src 'self';media-src 'none';form-action 'self';"""
{% else %}
{% endif %}
[auth.anonymous] [auth.anonymous]
# enable anonymous access # enable anonymous access
enabled = {{ matrix_grafana_anonymous_access }} enabled = {{ matrix_grafana_anonymous_access }}