You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by bz...@apache.org on 2022/08/03 03:29:22 UTC
[apisix-dashboard] branch master updated: doc(csp): add correct csp rule (#2548)
This is an automated email from the ASF dual-hosted git repository.
bzp2010 pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix-dashboard.git
The following commit(s) were added to refs/heads/master by this push:
new d67a5a3a doc(csp): add correct csp rule (#2548)
d67a5a3a is described below
commit d67a5a3a3cfa983928ce2230ef38bf1b76daef65
Author: John Chever <ch...@gmail.com>
AuthorDate: Wed Aug 3 11:29:17 2022 +0800
doc(csp): add correct csp rule (#2548)
---
api/conf/conf.yaml | 3 +--
docs/en/latest/USER_GUIDE.md | 2 ++
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/api/conf/conf.yaml b/api/conf/conf.yaml
index 84e1f3ab..012147ee 100644
--- a/api/conf/conf.yaml
+++ b/api/conf/conf.yaml
@@ -66,8 +66,7 @@ conf:
# access_control_allow_headers: "Authorization"
# access_control-allow_methods: "*"
# x_frame_options: "deny"
- # content_security_policy: ""default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'""
-
+ # content_security_policy: "default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-src xx.xx.xx.xx:3000" # You can set frame-src to provide content for your grafana panel.
authentication:
secret:
diff --git a/docs/en/latest/USER_GUIDE.md b/docs/en/latest/USER_GUIDE.md
index 9058cd92..0cb03770 100644
--- a/docs/en/latest/USER_GUIDE.md
+++ b/docs/en/latest/USER_GUIDE.md
@@ -27,6 +27,8 @@ The following are parts of the modules' snapshot.
We support the monitor page by referencing it in [iframe](https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe). Before accessing [Grafana](https://grafana.com/), please Enable [`allow_embedding=true`](https://grafana.com/docs/grafana/latest/administration/configuration/#allow_embedding), which defaults to `false`. This causes the browser to fail to render Grafana pages properly due to security policies.
+Solving this problem requires you to configure some csp rules. Please check the default configuration options for details. You can refer to this [link](https://github.com/apache/apisix-dashboard/blob/master/api/conf/conf.yaml) for the recommand rule.
+
![Dashboard-en](https://user-images.githubusercontent.com/40708551/112922395-0eed0380-912a-11eb-8c92-4c67d2bae4a8.png)
## Route