Skip to content

Config: Update CSP header to allow loading content from a CDN #3454

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
lastzero opened this issue Jun 7, 2023 · 0 comments
Closed

Config: Update CSP header to allow loading content from a CDN #3454

lastzero opened this issue Jun 7, 2023 · 0 comments
Assignees
@lastzero
Labels
enhancement Enhancement or improvement of an existing feature plus-feature Available to PhotoPrism+ Members released Available in the stable release security Impact on server or browser security

Comments

@lastzero
Copy link
Member

lastzero commented Jun 7, 2023
edited
Loading

As a user who has configured a CDN, I want the HTTP security headers to be automatically updated to include the domain name so that content loaded from the CDN is not blocked by default.

Note that this was only an issue with the Plus security extension enabled, as it uses different default settings. It is therefore labeled as a "plus feature". Using a CDN is of course also possible with our Community Edition.
@lastzero lastzero added the enhancement Enhancement or improvement of an existing feature label Jun 7, 2023
@lastzero lastzero self-assigned this Jun 7, 2023
@lastzero lastzero added security Impact on server or browser security plus-feature Available to PhotoPrism+ Members labels Jun 7, 2023
lastzero added a commit that referenced this issue Jun 7, 2023
@lastzero
Config: Update CSP header to allow loading content from a CDN #3454
59bf7cb 
Signed-off-by: Michael Mayer <michael@photoprism.app>
@lastzero lastzero changed the title Config: Automatically allow loading content from the domain of a CDN Config: Update CSP header to allow loading content from a CDN Jun 7, 2023
@lastzero lastzero mentioned this issue Jun 7, 2023
Closed
@lastzero lastzero added please-test Ready for acceptance test released Available in the stable release and removed please-test Ready for acceptance test labels Jun 7, 2023
@lastzero lastzero closed this as completed Jun 7, 2023
@lastzero lastzero moved this to Released 🌈 in Roadmap 🚀✨ Jun 8, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@lastzero lastzero

Labels
enhancement Enhancement or improvement of an existing feature plus-feature Available to PhotoPrism+ Members released Available in the stable release security Impact on server or browser security
Projects
Roadmap 🚀✨
Status: Release 🌈
Milestone
No milestone
Development

No branches or pull requests
1 participant
@lastzero