safeweb: add support for custom CSP (#13975) - tailscale - The easiest, most secure way to use WireGuard and 2FA

diff options

author	Andrew Lytvynov <awly@tailscale.com>	2024-10-31 14:13:29 -0500
committer	GitHub <noreply@github.com>	2024-10-31 12:13:29 -0700
commit	ddbc950f466ff7fa4c0b2dfb11489311b0d384f2 (patch)
tree	83964f1d464efc44aa6b9e9b280abf676785f1bc /control/controlhttp/controlhttpserver
parent	6985369479db2c9d5bacccbde6d66630a81eb1ab (diff)
download	tailscale-ddbc950f466ff7fa4c0b2dfb11489311b0d384f2.tar.xz tailscale-ddbc950f466ff7fa4c0b2dfb11489311b0d384f2.zip

safeweb: add support for custom CSP (#13975)

To allow more flexibility with CSPs, add a fully customizable `CSP` type that can be provided in `Config` and encodes itself into the correct format. Preserve the `CSPAllowInlineStyles` option as is today, but maybe that'll get deprecated later in favor of the new CSP field. In particular, this allows for pages loading external JS, or inline JS with nonces or hashes (see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src#unsafe_inline_script) Updates https://github.com/tailscale/corp/issues/8027 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>

Diffstat (limited to 'control/controlhttp/controlhttpserver')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: