Posted to notifications@apisix.apache.org by bz...@apache.org on 2022/08/03 03:29:22 UTC

[apisix-dashboard] branch master updated: doc(csp): add correct csp rule (#2548)

This is an automated email from the ASF dual-hosted git repository.

bzp2010 pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix-dashboard.git


The following commit(s) were added to refs/heads/master by this push:
     new d67a5a3a doc(csp): add correct csp rule (#2548)
d67a5a3a is described below

commit d67a5a3a3cfa983928ce2230ef38bf1b76daef65
Author: John Chever <ch...@gmail.com>
AuthorDate: Wed Aug 3 11:29:17 2022 +0800

    doc(csp): add correct csp rule (#2548)
---
 api/conf/conf.yaml           | 3 +--
 docs/en/latest/USER_GUIDE.md | 2 ++
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/api/conf/conf.yaml b/api/conf/conf.yaml
index 84e1f3ab..012147ee 100644
--- a/api/conf/conf.yaml
+++ b/api/conf/conf.yaml
@@ -66,8 +66,7 @@ conf:
   #   access_control_allow_headers: "Authorization"
   #   access_control-allow_methods: "*"
   #   x_frame_options: "deny"
-  #   content_security_policy: ""default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'""
-
+  #   content_security_policy: "default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-src xx.xx.xx.xx:3000"  # You can set frame-src to provide content for your grafana panel.
 
 authentication:
   secret:
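
Review bot: the new example value adds 'unsafe-inline' to script-src next to the existing 'unsafe-eval', and nothing in the comment or the commit message says why the dashboard needs it. With both keywords present the policy no longer blocks injected inline scripts, so anyone who uncomments this line as the recommended rule gets a much weaker CSP than the old example gave. Please either drop 'unsafe-inline' from script-src or state in the comment which feature requires it. Separately, the frame-src placeholder "xx.xx.xx.xx:3000" has no scheme, and the trailing comment "provide content for your grafana panel" does not tell the reader to replace the placeholder; something like "set frame-src to the origin of your Grafana server" would be clearer.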
diff --git a/docs/en/latest/USER_GUIDE.md b/docs/en/latest/USER_GUIDE.md
index 9058cd92..0cb03770 100644
--- a/docs/en/latest/USER_GUIDE.md
+++ b/docs/en/latest/USER_GUIDE.md
@@ -27,6 +27,8 @@ The following are parts of the modules' snapshot.
 
 We support the monitor page by referencing it in [iframe](https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe). Before accessing [Grafana](https://grafana.com/), please Enable [`allow_embedding=true`](https://grafana.com/docs/grafana/latest/administration/configuration/#allow_embedding), which defaults to `false`. This causes the browser to fail to render Grafana pages properly due to security policies.
 
+Solving this problem requires you to configure some csp rules. Please check the default configuration options for details. You can refer to this [link](https://github.com/apache/apisix-dashboard/blob/master/api/conf/conf.yaml) for the recommand rule.
+
 ![Dashboard-en](https://user-images.githubusercontent.com/40708551/112922395-0eed0380-912a-11eb-8c92-4c67d2bae4a8.png)
 
 ## Route
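
Review bot: the added paragraph says "Solving this problem" directly after a paragraph about Grafana's allow_embedding setting, so it is unclear that a second, separate setting on the dashboard side is meant. Name it explicitly: the `content_security_policy` key under the security section of conf.yaml and its `frame-src` directive, which must list the Grafana origin. Also fix "recommand" to "recommended", capitalize "CSP", and replace the bare "[link]" text with the file name; since the link targets conf.yaml on master, the example it points to can change or move without this page being updated.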