Posted to commits@couchdb.apache.org by ja...@apache.org on 2021/09/15 12:42:41 UTC

[couchdb-documentation] branch feat/csp-3.1.1 created (now cab6637)

This is an automated email from the ASF dual-hosted git repository.

jan pushed a change to branch feat/csp-3.1.1
in repository https://gitbox.apache.org/repos/asf/couchdb-documentation.git.


      at cab6637  feat: document csp 3.1.1 stuff, this is off the 3.1.1 tag

This branch includes the following new commits:

     new 0661449  feat: document new csp stuff
     new cab6637  feat: document csp 3.1.1 stuff, this is off the 3.1.1 tag

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


[couchdb-documentation] 01/02: feat: document new csp stuff

Posted by ja...@apache.org.

jan pushed a commit to branch feat/csp-3.1.1
in repository https://gitbox.apache.org/repos/asf/couchdb-documentation.git

commit 0661449bca68005fa9cb5c3870d82d2b168bcdc8
Author: Jan Lehnardt <ja...@apache.org>
AuthorDate: Wed Sep 15 14:39:59 2021 +0200

    feat: document new csp stuff
---
 src/config/misc.rst | 52 +++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 51 insertions(+), 1 deletion(-)

diff --git a/src/config/misc.rst b/src/config/misc.rst
index ed5fd2b..adf6725 100644
--- a/src/config/misc.rst
+++ b/src/config/misc.rst
@@ -218,7 +218,57 @@ Content-Security-Policy
 
 .. config:section:: csp :: Content-Security-Policy
 
-    Experimental support of CSP Headers for ``/_utils`` (Fauxton).
+  You can configure ``Content-Security-Policy`` header for Fauxton, attachments and
+  show/list functions separately. See `MDN Content-Security-Policy <https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy>`_
+  for more details on CSP.
+
+    .. config:option:: utils_enable
+
+        Enable the sending of the header ``Content-Security-Policy``. Defaults
+        to ``true``::
+
+            [csp]
+            utils_enable = true
+
+    .. config:option:: utils_header_value
+
+        Specifies the exact header value to send. Defaults to::
+
+            [csp]
+            utils_header_value = default-src 'self'; img-src 'self'; font-src *; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline';
+
+    .. config:option:: attachments_enable
+
+        Enable sending the ``Content-Security-Policy`` header for attachments::
+
+            [csp]
+            attachments_enable = true
+
+    .. config:option:: attachments_header_value
+
+        Specifies the exact header value to send. Defaults to::
+
+            [csp]
+            attachments_header_value = sandbox
+
+    .. config:option:: showlist_enable
+
+        Enable sending the ``Content-Security-Policy`` header for show and list functions::
+
+            [csp]
+            showlist_enable = true
+
+    .. config:option:: showlist_header_value
+
+        Specifies the exact header value to send. Defaults to::
+
+            [csp]
+            showlist_header_value = sandbox
+
+    The pre 3.2.0 behaviour is still honoured, but we recommend updating
+    to the new format.
+
+    Experimental support of CSP headers for ``/_utils`` (Fauxton).
 
     .. config:option:: enable
 
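Review bot: ``attachments_enable`` and ``showlist_enable`` are documented without a stated default, while ``utils_enable`` says "Defaults to ``true``", so a reader cannot tell whether ``attachments_enable = true`` in the example is the shipped value or an opt-in. Add a "Defaults to" sentence to both options. The new introductory paragraph is also indented two spaces where the removed line and the rest of the section body use four, so the option blocks that follow end up indented relative to it; align it to four. The retained "Experimental support of CSP headers for ``/_utils`` (Fauxton)." sentence and the ``enable`` option after it are not marked as the older format that the "still honoured" sentence refers to. The ``utils_header_value`` default also carries ``'unsafe-eval'`` and ``'unsafe-inline'`` with no explanation, which an operator tightening the policy will want before changing it.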

[couchdb-documentation] 02/02: feat: document csp 3.1.1 stuff, this is off the 3.1.1 tag

Posted by ja...@apache.org.

jan pushed a commit to branch feat/csp-3.1.1
in repository https://gitbox.apache.org/repos/asf/couchdb-documentation.git

commit cab6637d59da4ff267c58ba867c7675e44029bfe
Author: Jan Lehnardt <ja...@apache.org>
AuthorDate: Wed Sep 15 14:42:27 2021 +0200

    feat: document csp 3.1.1 stuff, this is off the 3.1.1 tag
---
 src/config/misc.rst | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/config/misc.rst b/src/config/misc.rst
index adf6725..43046ec 100644
--- a/src/config/misc.rst
+++ b/src/config/misc.rst
@@ -242,7 +242,7 @@ Content-Security-Policy
         Enable sending the ``Content-Security-Policy`` header for attachments::
 
             [csp]
-            attachments_enable = true
+            attachments_enable = false
 
     .. config:option:: attachments_header_value
 
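Review bot: the example under ``attachments_enable`` now reads ``attachments_enable = false`` while the sentence above it still says only "Enable sending the ``Content-Security-Policy`` header for attachments", so the block illustrates turning the header off without saying that this is the default. If ``false`` is the value shipped in the release this branch targets, say so in the text ("Defaults to ``false``"), matching the wording used for ``utils_enable``.
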
@@ -256,7 +256,7 @@ Content-Security-Policy
         Enable sending the ``Content-Security-Policy`` header for show and list functions::
 
             [csp]
-            showlist_enable = true
+            showlist_enable = false
 
     .. config:option:: showlist_header_value
 
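Review bot: with the example changed to ``showlist_enable = false``, the text should spell out the consequence for operators: show and list function responses are sent without a ``Content-Security-Policy`` header, and ``showlist_header_value`` has no effect until the option is set to ``true``. State the default explicitly and add one sentence telling readers who want the policy applied to enable it.
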
@@ -265,7 +265,7 @@ Content-Security-Policy
             [csp]
             showlist_header_value = sandbox
 
-    The pre 3.2.0 behaviour is still honoured, but we recommend updating
+    The pre 3.1.2 behaviour is still honoured, but we recommend updating
     to the new format.
 
     Experimental support of CSP headers for ``/_utils`` (Fauxton).
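
Review bot: the sentence now says "pre 3.1.2 behaviour", but the commit subject and branch name both refer to 3.1.1; please confirm which release introduces the new options and make the text and commit message agree. The sentence also leaves "the new format" undefined. Naming the per-target ``*_enable`` and ``*_header_value`` options as the new format and marking the ``enable`` option that follows as the older one (for example with a ``versionchanged`` note) would make the recommendation actionable.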