Posted to commits@couchdb.apache.org by ja...@apache.org on 2021/09/18 14:00:27 UTC
[couchdb-documentation] branch main updated: feat: document new csp stuff
This is an automated email from the ASF dual-hosted git repository.
jan pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/couchdb-documentation.git
The following commit(s) were added to refs/heads/main by this push:
new 9a2b735 feat: document new csp stuff
9a2b735 is described below
commit 9a2b735da0437c508f6bbcee5551ead337e1c56a
Author: Jan Lehnardt <ja...@apache.org>
AuthorDate: Wed Sep 15 14:39:59 2021 +0200
feat: document new csp stuff
---
src/config/misc.rst | 52 +++++++++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 51 insertions(+), 1 deletion(-)
diff --git a/src/config/misc.rst b/src/config/misc.rst
index e7a10fb..719ca14 100644
--- a/src/config/misc.rst
+++ b/src/config/misc.rst
@@ -218,7 +218,57 @@ Content-Security-Policy
.. config:section:: csp :: Content-Security-Policy
- Experimental support of CSP Headers for ``/_utils`` (Fauxton).
+ You can configure ``Content-Security-Policy`` header for Fauxton, attachments and
+ show/list functions separately. See `MDN Content-Security-Policy <https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy>`_
+ for more details on CSP.
+
+ .. config:option:: utils_enable
+
+ Enable the sending of the header ``Content-Security-Policy`` for ``/_utils``.
+ Defaults to ``true``::
+
+ [csp]
+ utils_enable = true
+
+ .. config:option:: utils_header_value
+
+ Specifies the exact header value to send. Defaults to::
+
+ [csp]
+ utils_header_value = default-src 'self'; img-src 'self'; font-src *; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline';
+
+ .. config:option:: attachments_enable
+
+ Enable sending the ``Content-Security-Policy`` header for attachments::
+
+ [csp]
+ attachments_enable = true
+
+ .. config:option:: attachments_header_value
+
+ Specifies the exact header value to send. Defaults to::
+
+ [csp]
+ attachments_header_value = sandbox
+
+ .. config:option:: showlist_enable
+
+ Enable sending the ``Content-Security-Policy`` header for show and list functions::
+
+ [csp]
+ showlist_enable = true
+
+ .. config:option:: showlist_header_value
+
+ Specifies the exact header value to send. Defaults to::
+
+ [csp]
+ showlist_header_value = sandbox
+
+ The pre 3.2.0 behaviour is still honoured, but we recommend updating
+ to the new format.
+
+ Experimental support of CSP headers for ``/_utils`` (Fauxton).
.. config:option:: enable
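
Review bot: attachments_enable and showlist_enable do not state their default, while utils_enable spells it out ("Defaults to ``true``"). The "= true" in the literal blocks under those two options can be read either as the default or as an example of turning the header on, so add the same "Defaults to" sentence to both. The closing paragraph ("The pre 3.2.0 behaviour is still honoured, but we recommend updating to the new format.") also does not say which options make up the old format or which new option replaces each one, and the re-added "Experimental support of CSP headers" line above the existing enable option carries no deprecation marker, so a reader cannot tell from this section what to migrate. Two smaller points: the intro reads better as "configure the ``Content-Security-Policy`` header", and the default utils_header_value includes 'unsafe-eval' and 'unsafe-inline' without a sentence explaining why Fauxton needs them, which operators tightening the policy will want to know.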