janl opened a new pull request #3724: URL: https://github.com/apache/couchdb/pull/3724
This introduces CSP settings for attachments and show/list funs and streamlines the configuration with the existing Fauxton CSP options.

Deprecates the old `[csp] enable` and `[csp] header_value` config options, but they are honoured going forward. They are replaced with `[csp] utils_enable` and `[csp] utils_header_value` respectively. The functionality and default values remain the same.

In addition, these new config options are added, along with their default values:

```
[csp]
attachments_enable = true
attachments_header_value = sandbox
showlist_enable = true
showlist_header_value = sandbox
```

These add `Content-Security-Policy` headers to all attachment requests and to all non-JSON show and all list function responses.

Co-authored-by: Nick Vatamaniuc <[email protected]>
Co-authored-by: Robert Newson <[email protected]>

## Overview

## Testing recommendations

## Related Issues or Pull Requests

## Checklist

- [x] Code is written and works correctly
- [x] Changes are covered by tests
- [x] Any new configurable parameters are documented in `rel/overlay/etc/default.ini`
- [ ] A PR for documentation changes has been made in https://github.com/apache/couchdb-documentation
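An operator-side check of the `[csp]` section described in this pull request, as an added example that is not code from the pull request or from CouchDB. The function names, severity labels and sample ini text are constructed for illustration; the option names and defaults are the ones listed above, and the script does not model how CouchDB resolves a deprecated key against its replacement.

```python
import configparser

# Defaults for the new options, as listed in the pull request description.
PR_DEFAULTS = {
    "attachments_enable": "true",
    "attachments_header_value": "sandbox",
    "showlist_enable": "true",
    "showlist_header_value": "sandbox",
}
# Deprecated option -> replacement, as named in the pull request description.
DEPRECATED = {"enable": "utils_enable", "header_value": "utils_header_value"}


def sandbox_tokens(policy):
    """Return the tokens of the sandbox directive, or None if it is absent."""
    for directive in policy.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "sandbox":
            return parts[1:]
    return None


def audit_csp(ini_text):
    """Return (level, message) findings for the [csp] section of an ini file."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(ini_text)
    csp = dict(parser["csp"]) if parser.has_section("csp") else {}
    findings = []
    for old, new in DEPRECATED.items():
        if old in csp:
            findings.append(("warn", f"[csp] {old} is deprecated, use {new}"))
    for scope in ("attachments", "showlist"):
        enable_key, value_key = f"{scope}_enable", f"{scope}_header_value"
        enabled = csp.get(enable_key, PR_DEFAULTS[enable_key]).strip().lower()
        policy = csp.get(value_key, PR_DEFAULTS[value_key])
        tokens = sandbox_tokens(policy)
        if enabled != "true":
            findings.append(("high", f"{enable_key} is off: no CSP header on {scope} responses"))
        elif tokens is None:
            findings.append(("medium", f"{value_key} has no sandbox directive"))
        elif tokens:
            findings.append(("info", f"{value_key} relaxes sandbox with: {' '.join(tokens)}"))
    return findings


# Constructed sample configuration, not taken from a real deployment.
SAMPLE_INI = """
[csp]
enable = true
header_value = default-src 'self'
attachments_header_value = sandbox allow-scripts
showlist_enable = false
"""

if __name__ == "__main__":
    for level, message in audit_csp(SAMPLE_INI):
        print(f"{level:6} {message}")
```
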
