grafana CSP backward compatible with older browsers
This commit is contained in:
parent
d4d1e2e922
commit
303de935d5
|
@ -37,6 +37,11 @@ matrix_grafana_default_admin_password: admin
|
|||
# [Content Security Policy](https://grafana.com/docs/grafana/latest/administration/configuration/#content_security_policy)
|
||||
matrix_grafana_content_security_policy: true
|
||||
|
||||
# specify content security policy template to customized template
|
||||
# added 'unsafe-inline' (ignored by browsers supporting nonces/hashes) to be backward compatible with older browsers.
|
||||
# added https: and http: url schemes (ignored by browsers supporting 'strict-dynamic') to be backward compatible with older browsers.
|
||||
matrix_grafana_content_security_policy_customized: true
|
||||
|
||||
# A list of extra arguments to pass to the container
|
||||
matrix_grafana_container_extra_arguments: []
|
||||
|
||||
|
|
|
@ -8,6 +8,12 @@ admin_password = """{{ matrix_grafana_default_admin_password }}"""
|
|||
# specify content_security_policy to add the Content-Security-Policy header to your requests
|
||||
content_security_policy = "{{ matrix_grafana_content_security_policy }}"
|
||||
|
||||
# specify content security policy template to customized template
|
||||
{% if matrix_synapse_metrics_enabled %}
|
||||
content_security_policy_template = """script-src http: https: 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' $NONCE;object-src 'none';font-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data:;base-uri 'self';connect-src 'self' grafana.com;manifest-src 'self';media-src 'none';form-action 'self';"""
|
||||
{% else %}
|
||||
{% endif %}
|
||||
|
||||
[auth.anonymous]
|
||||
# enable anonymous access
|
||||
enabled = {{ matrix_grafana_anonymous_access }}
|
||||
|
|
Loading…
Reference in a new issue