mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00

OSDOCS#13072: Adds Content Security Policy for web console

opayne1
2025-02-13 15:43:13 -05:00
committed by openshift-cherrypick-robot
parent 67fdf35608
commit b5f9bf24ec
4 changed files with 64 additions and 1 deletions


@@ -0,0 +1,25 @@
:_mod-docs-content-type: ASSEMBLY
[id="content-security-policy_{context}"]
= Content Security Policy (CSP)
include::_attributes/common-attributes.adoc[]
:context: content-security-policy
toc::[]
You can specify Content Security Policy (CSP) directives for your dynamic plugin using the `contentSecurityPolicy` field in the `ConsolePluginSpec` file. This field helps mitigate potential security risks by specifying which sources are allowed for fetching content like scripts, styles, images, and fonts. For dynamic plugins that require loading resources from external sources, defining custom CSP rules ensures secure integration into the {product-title} console.
[IMPORTANT]
====
The console currently uses the `Content-Security-Policy-Report-Only` response header, so the browser will only warn about CSP violations in the web console and enforcement of CSP policies will be limited. CSP violations will be logged in the browser console, but the associated CSP directives will not be enforced. This feature is behind a `feature-gate`, so you will need to manually enable it.
For more information, see xref:../../nodes/clusters/nodes-cluster-enabling-features.adoc#nodes-cluster-enabling-features-console_nodes-cluster-enabling[Enabling feature sets using the web console].
====
include::modules/csp-overview.adoc[leveloffset=+1]
[role="_additional-resources"]
[id="content-security-policy_additional-resources"]
== Additional resources
* link:https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy[Content Security Policy (CSP)]
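
Review bot: In the [IMPORTANT] block, "enforcement of CSP policies will be limited" conflicts with the next sentence, "the associated CSP directives will not be enforced". With a `Content-Security-Policy-Report-Only` header the browser reports violations and blocks nothing, so drop the "limited" clause and keep the second sentence. The intro's "defining custom CSP rules ensures secure integration" should be softened for the same reason, since in report-only mode the rules surface violations rather than prevent them. Also, `ConsolePluginSpec` is described as a "file", and `feature-gate` is set in code font without naming the gate to enable; name it here or make clear the xref that follows is where to find it.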


@@ -8,4 +8,4 @@ toc::[]
Before working through the example, verify that the plugin is working by following the steps in xref:../../web_console/dynamic-plugin/dynamic-plugins-get-started.adoc#dynamic-plugin-development_dynamic-plugins-get-started[Dynamic plugin development]
include::modules/adding-tab-pods-page.adoc[leveloffset=+1]
include::modules/adding-tab-pods-page.adoc[leveloffset=+1]
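
Review bot: The two `include::modules/adding-tab-pods-page.adoc[leveloffset=+1]` lines in this hunk read identically, so this looks like a whitespace or end-of-file newline change that is unrelated to the CSP assembly; confirm it is intentional or drop it from this commit. If the file is being touched anyway, the preceding sentence ending in "[Dynamic plugin development]" is missing its terminal period.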