anders-elastisys

I wanted the option to add Content-Security-Policy headers for Harbor portal.
This adds templating to be able to configure this, setting the default to an empty string, keeping the config the same as before the addition of this templating.

If preferred, the templating could be more generic for adding any type of headers, not only Content-Security-Policy.
Let me know if there is another recommended way for configuring CSPs in Harbor, or if it would be preferred to add this as a meta tag instead in the HTML?

@anders-elastisys anders-elastisys force-pushed the add-portal-content-security-policy-header-templating branch from b91aca2 to 00b230a September 10, 2025 08:02
@MinerYang
Collaborator

Hi @anders-elastisys ,

How has your Harbor been deployed? Would adding the extra header from either your Nginx reverse proxy or ingress service side, instead of adding it to the harbor-portal internal nginx, match your expectation?

@anders-elastisys
Author

anders-elastisys commented Sep 15, 2025

Hi @MinerYang, Harbor is deployed in a Kubernetes cluster fronted by an Ingress with the Ingress-NGINX controller installed. Adding the header through Ingress is not an option in my case, as I do not want to allow snippet annotations as other users use Ingresses in the same cluster, and configuring a global CSP in the Ingress-NGINX controller is not really an option either as I'd rather be able to configure as strict CSPs as possible without breaking other applications backed by the Ingress controller.

@anders-elastisys
Author

anders-elastisys commented Sep 24, 2025

@MinerYang who can take a look at this? How does this get assigned a reviewer?

Hi @anders-elastisys ,

I am just back from vacation and I will keep taking a look at this PR. Please allow me some time to review it.

Best,
Miner

@MinerYang MinerYang self-requested a review October 13, 2025 05:43