This repository was archived by the owner on Oct 17, 2022. It is now read-only.

Commit c785eb1

feat: document csp 3.1.1 stuff, this is off the 3.1.1 tag
1 parent 3f39035 commit c785eb1

1 file changed

+51
-1
lines changed

src/config/misc.rst

Lines changed: 51 additions & 1 deletion
@@ -218,7 +218,57 @@ Content-Security-Policy
218218

219219
.. config:section:: csp :: Content-Security-Policy
220220
221-
Experimental support of CSP Headers for ``/_utils`` (Fauxton).
221+
You can configure ``Content-Security-Policy`` header for Fauxton, attachments and
222+
show/list functions separately. See `MDN Content-Security-Policy <https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy>`_
223+
for more details on CSP.
224+
225+
.. config:option:: utils_enable
226+
227+
Enable the sending of the header ``Content-Security-Policy`` for ``/_utils``.
228+
Defaults to ``true``::
229+
230+
[csp]
231+
utils_enable = true
232+
233+
.. config:option:: utils_header_value
234+
235+
Specifies the exact header value to send. Defaults to::
236+
237+
[csp]
238+
utils_header_value = default-src 'self'; img-src 'self'; font-src *; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline';
239+
240+
.. config:option:: attachments_enable
241+
242+
Enable sending the ``Content-Security-Policy`` header for attachments::
243+
244+
[csp]
245+
attachments_enable = false
246+
247+
.. config:option:: attachments_header_value
248+
249+
Specifies the exact header value to send. Defaults to::
250+
251+
[csp]
252+
attachments_header_value = sandbox
253+
254+
.. config:option:: showlist_enable
255+
256+
Enable sending the ``Content-Security-Policy`` header for show and list functions::
257+
258+
[csp]
259+
showlist_enable = false
260+
261+
.. config:option:: showlist_header_value
262+
263+
Specifies the exact header value to send. Defaults to::
264+
265+
[csp]
266+
showlist_header_value = sandbox
267+
268+
The pre 3.1.2 behaviour is still honoured, but we recommend updating
269+
to the new format.
270+
271+
Experimental support of CSP headers for ``/_utils`` (Fauxton).
222272

223273
.. config:option:: enable
224274

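Review bot: The ``attachments_enable`` and ``showlist_enable`` entries show ``false`` in their examples but never say that this is the default, whereas ``utils_enable`` states "Defaults to ``true``". If ``false`` is the default, say "Defaults to ``false``" in both, since a reader otherwise cannot tell whether attachments and show/list responses are sent with the ``sandbox`` policy out of the box. The closing paragraph refers to "pre 3.1.2 behaviour" while the commit message says this documents 3.1.1, so one of the two version numbers needs correcting, and "the new format" would be clearer if it said how the old ``enable`` option documented below relates to the new ``utils_*`` options. The default ``utils_header_value`` allows ``'unsafe-eval'`` in ``script-src`` and ``'unsafe-inline'`` in ``style-src``; a sentence on why Fauxton needs these would help operators who are deciding whether to tighten the value. Minor: "You can configure ``Content-Security-Policy`` header" is missing "the", and the three identical "Specifies the exact header value to send" descriptions should each name the responses they apply to.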