nickva opened a new pull request #3742: URL: https://github.com/apache/couchdb/pull/3742
The original [commit](https://github.com/apache/couchdb/commit/64281c0358e206a54e3b1386a7bc3b3e7c30547f) was in the 3.x branch.

This introduces CSP settings for attachments and show/list funs and streamlines the configuration with the existing Fauxton CSP options.

Deprecates the old `[csp] enable` and `[csp] header_value` config options, but they are honoured going forward. They are replaced with `[csp] utils_enable` and `[csp] utils_header_value` respectively. The functionality and default values remain the same.

In addition, these new config options are added, along with their default values:

```
[csp]
attachments_enable = false
attachments_header_value = sandbox
showlist_enable = false
showlist_header_value = sandbox
```

When enabled, these add `Content-Security-Policy` headers to all attachment requests and to all non-JSON show and all list function responses.

Co-authored-by: Nick Vatamaniuc <[email protected]>
Co-authored-by: Robert Newson <[email protected]>
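An added example, not part of the pull request or CouchDB's own code: a small audit of the `[csp]` section of an ini file, using only the option names and defaults listed in the description above. The function name `audit_csp` and the sample ini text are constructed for illustration.

```python
import configparser

# Defaults for the new options, as listed in the PR description.
NEW_DEFAULTS = {
    "attachments_enable": "false",
    "attachments_header_value": "sandbox",
    "showlist_enable": "false",
    "showlist_header_value": "sandbox",
}
# Deprecated option -> its replacement, as listed in the PR description.
DEPRECATED = {"enable": "utils_enable", "header_value": "utils_header_value"}

# Constructed sample input, not taken from a real deployment.
SAMPLE_INI = """\
[csp]
; old-style option, still honoured but deprecated
enable = true
attachments_enable = true
"""


def audit_csp(ini_text):
    """Return (effective, findings) for the [csp] section of an ini file."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(ini_text)
    csp = dict(parser["csp"]) if parser.has_section("csp") else {}

    # Effective values of the new options: explicit setting, else the default.
    effective = {k: csp.get(k, d).strip() for k, d in NEW_DEFAULTS.items()}

    findings = []
    for old, new in DEPRECATED.items():
        if old in csp:
            findings.append(f"[csp] {old} is deprecated; use [csp] {new}")
    for scope in ("attachments", "showlist"):
        if effective[f"{scope}_enable"].lower() != "true":
            findings.append(
                f"[csp] {scope}_enable is not true: no "
                f"Content-Security-Policy header is added for {scope}"
            )
    return effective, findings


if __name__ == "__main__":
    values, notes = audit_csp(SAMPLE_INI)
    print(values)
    print("\n".join(notes))
```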
