Describe the feature request
The application currently operates behind a proxy, and modifying its source code is not straightforward. Previously, it was possible to append a new domain (e.g., https://*.example.com) to the connect-src directive in the Content Security Policy (CSP) by adjusting the Nginx proxy configuration. This approach worked well for environments where middleware-enforced CSP required flexibility.
Problem
After the recent code changes introduced in PR #15003, this method is no longer viable. Updating the CSP to allow additional domains now requires more invasive or complex changes.
Feature Request
It would be incredibly helpful to have an easier way to append new domains to the connect-src directive of the CSP. Specifically, making this configurable or offering a mechanism to extend the domain list programmatically without modifying the source code directly. The relevant file appears to be contentSecurityPolicy.ts.
Question
Is there a potential workaround or an easy fix to enable this kind of flexibility in the current implementation? If not, could this be considered as an enhancement for future releases?
Thank you for considering this request. Please let me know if additional information or clarification is needed!
I would also like to add to the request that in self-hosted instances, the domain running the instance would be automatically included, to be able to reference other local resources from the client, like an MQTT broker and the like.
@poirazis In my specific case, the issue arises with subdomain communication in a self-hosted instance. The application is hosted on x.domain.com, but it is unable to establish communication with y.domain.com. This limitation poses a challenge when integrating local resources or services within the same domain hierarchy.
@cgtms I have a similar use case, so I had to disable the Security Policy altogether.
You can do so with an env variable DISABLE_CONTENT_SECURITY_POLICY
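The extension mechanism the request asks for, sketched as an added example that is not part of the original thread or the project's code: a validated list of extra origins is merged into `connect-src` of an existing policy string, so the rest of the policy stays enforced. The function names, the validation rule and the sample policy are assumptions made for illustration.

```javascript
// Added example. Function names and the validation policy are assumptions,
// not taken from the project's contentSecurityPolicy.ts.

// Accept only https:// or wss:// hosts, optionally with one leading "*." label.
// Bare "*", plain http:// and a wildcard directly under a TLD ("*.com") fail.
const SOURCE_RE = /^(https|wss):\/\/(\*\.)?([a-z0-9-]+\.)+[a-z]{2,}(:\d{1,5})?$/i;

// Parse a CSP header value into a Map of directive name -> source tokens.
function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // Browsers ignore a repeated directive, so keep only the first one.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Return the policy with the valid extra sources merged into connect-src.
function extendConnectSrc(header, extraSources) {
  const extras = extraSources.filter((s) => SOURCE_RE.test(s));
  if (extras.length === 0) return header; // nothing valid to add
  const directives = parseCsp(header);
  // Without connect-src the browser falls back to default-src, so start from
  // that list; otherwise adding the directive would drop the inherited sources.
  const base = directives.get("connect-src") ?? directives.get("default-src") ?? [];
  // 'none' is only valid alone, so it is removed once real sources are added.
  const kept = base.filter((s) => s.toLowerCase() !== "'none'");
  directives.set("connect-src", [...new Set([...kept, ...extras])]);
  return [...directives]
    .map(([name, values]) => [name, ...values].join(" "))
    .join("; ");
}

// Constructed sample policy and extension list.
const sample =
  "default-src 'self'; connect-src 'self' https://api.example.com; img-src 'self' data:";
console.log(
  extendConnectSrc(sample, ["https://*.example.com", "*", "http://y.domain.com"])
);
```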