tailscale

mirror of https://github.com/tailscale/tailscale.git synced 2024-11-25 11:05:45 +00:00

History

Andrew Lytvynov ddbc950f46 safeweb: add support for custom CSP (#13975 ) To allow more flexibility with CSPs, add a fully customizable `CSP` type that can be provided in `Config` and encodes itself into the correct format. Preserve the `CSPAllowInlineStyles` option as is today, but maybe that'll get deprecated later in favor of the new CSP field. In particular, this allows for pages loading external JS, or inline JS with nonces or hashes (see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src#unsafe_inline_script) Updates https://github.com/tailscale/corp/issues/8027 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2024-10-31 12:13:29 -07:00
..
http_test.go	safeweb: add support for custom CSP (#13975 )	2024-10-31 12:13:29 -07:00
http.go	safeweb: add support for custom CSP (#13975 )	2024-10-31 12:13:29 -07:00

Andrew Lytvynov ddbc950f46

safeweb: add support for custom CSP (#13975 )

To allow more flexibility with CSPs, add a fully customizable `CSP` type
that can be provided in `Config` and encodes itself into the correct
format. Preserve the `CSPAllowInlineStyles` option as is today, but
maybe that'll get deprecated later in favor of the new CSP field.

In particular, this allows for pages loading external JS, or inline JS
with nonces or hashes (see
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src#unsafe_inline_script)

Updates https://github.com/tailscale/corp/issues/8027

Signed-off-by: Andrew Lytvynov <awly@tailscale.com>

2024-10-31 12:13:29 -07:00

http_test.go

safeweb: add support for custom CSP (#13975 )

2024-10-31 12:13:29 -07:00

http.go

safeweb: add support for custom CSP (#13975 )

2024-10-31 12:13:29 -07:00