Its possible set Content Security Policy rules in configuration file?


I would like to be able to add the following rule to the CSP from a configuration file or from the frontend so as not to have to modify server code.

The rule that I would like to add is media-src ‘self’ blob:

Its possible?

The modification in the server look like this:


Hi @sebaripari,

Would you be open to sharing more details on why you’re looking to make this change?

Hello @amy.blais !! Yes because in mattermost-webapp I’m using a library, Tone JS, that does import of blob and CSP block the page

This is the error:

Hi @sebaripari,

we currently don’t support this on an application level, however, you can overwrite the headers in NGINX or the proxy solution you are using. Please be aware that this might have potential security impact.

1 Like

Thanks @DSchalla

I will try overwriting the headers