tailscale/tsweb
Andrew Lytvynov 7c04846eac
tsweb: relax CSP for debug handlers (#8649)
Allow inline CSS for debug handlers to make prototyping easier. These
are generally not accessible to the public and the small risk of CSS
injection via user content seems acceptable.

Also allow form submissions on the same domain, instead of banning all
forms. An example of such form is
http://webhooks.corp.ts.net:6359/debug/private-nodes/

Updates #3576

Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
2023-07-19 11:58:29 -07:00
..
promvarz tsweb/promvarz: fix repeated expvar definition in test 2023-05-06 09:53:09 -07:00
varz metrics: add histogram support 2023-07-18 09:18:55 -07:00
debug_test.go all: update copyright and license headers 2023-01-27 15:36:29 -08:00
debug.go tsweb: relax CSP for debug handlers (#8649) 2023-07-19 11:58:29 -07:00
log.go all: update copyright and license headers 2023-01-27 15:36:29 -08:00
tsweb_test.go tstest: prepare for Clock API changes 2023-07-06 17:03:19 -04:00
tsweb.go tsweb: relax CSP for debug handlers (#8649) 2023-07-19 11:58:29 -07:00