Set formAction CSP from Manager (#1499)
parent
f97a810596
commit
4df8ce2c0e
|
@ -33,6 +33,7 @@ sub defaultValues {
|
|||
'cspConnect' => '\'self\'',
|
||||
'cspDefault' => '\'self\'',
|
||||
'cspFont' => '\'self\'',
|
||||
'cspFormAction' => '*',
|
||||
'cspImg' => '\'self\' data:',
|
||||
'cspScript' => '\'self\'',
|
||||
'cspStyle' => '\'self\'',
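Review bot: The default `'cspFormAction' => '*'` added in `defaultValues` makes the portal's `form-action` directive accept effectively any target host on every installation that does not override it, so the directive no longer limits where a form injected into a portal page could post credentials. The same default is repeated in the `attributes` section (`default => "*"`) and in the built constants section. A narrower default such as `'cspFormAction' => '',` would keep the `'self'` that `sendHtml` already emits and let administrators list extra hosts explicitly. If `*` is needed for compatibility (presumably the reason behind #1499, which is not shown here), the `documentation` string should say so and state that it switches the restriction off.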
|
||||
|
|
|
@ -919,6 +919,10 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
|
|||
'default' => '\'self\'',
|
||||
'type' => 'text'
|
||||
},
|
||||
'cspFormAction' => {
|
||||
'default' => '*',
|
||||
'type' => 'text'
|
||||
},
|
||||
'cspImg' => {
|
||||
'default' => '\'self\' data:',
|
||||
'type' => 'text'
|
||||
|
|
|
@ -613,6 +613,11 @@ sub attributes {
|
|||
default => "'self'",
|
||||
documentation => 'Default value for Content-Security-Policy',
|
||||
},
|
||||
cspFormAction => {
|
||||
type => 'text',
|
||||
default => "*",
|
||||
documentation => 'Form action for Content-Security-Policy',
|
||||
},
|
||||
cspImg => {
|
||||
type => 'text',
|
||||
default => "'self' data:",
|
||||
|
|
|
@ -745,6 +745,7 @@ sub tree {
|
|||
'cspDefault', 'cspImg',
|
||||
'cspScript', 'cspStyle',
|
||||
'cspConnect', 'cspFont',
|
||||
'cspFormAction',
|
||||
]
|
||||
},
|
||||
'requireToken',
|
||||
|
|
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
@ -733,7 +733,7 @@ sub sendHtml {
|
|||
'X-Content-Type-Options' => 'nosniff';
|
||||
|
||||
# Set authorized URL for POST
|
||||
my $csp = $self->csp . "form-action 'self'";
|
||||
my $csp = $self->csp . "form-action 'self' " . $self->conf->{cspFormAction};
|
||||
if ( my $url = $req->urldc ) {
|
||||
$self->logger->debug("Required urldc : $url");
|
||||
$url =~ s#(https?://[^/]+).*#$1#;
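Review bot: `$self->conf->{cspFormAction}` is appended to the header on the new `my $csp` line without a definedness check or any filtering. A configuration that lacks the key would produce an uninitialized-value warning under `use warnings`, and a value containing `;` would end the `form-action` directive and start another one, changing the rest of the policy. The value is set by an administrator in the Manager, so this is hardening rather than an exposed injection: `my $fa = $self->conf->{cspFormAction} // ''; $fa =~ tr/;\r\n//d;` before concatenating `$fa`. The rest of `sendHtml`, including how `$url` is added to `$csp`, lies outside the hunk.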
|
||||
|
|