Its possible set Content Security Policy rules in configuration file?

sebaripari · May 14, 2019, 2:00am

Hi

I would like to be able to add the following rule to the CSP from a configuration file or from the frontend so as not to have to modify server code.

The rule that I would like to add is media-src ‘self’ blob:

Its possible?

The modification in the server look like this:

Thanks

amy.blais · May 14, 2019, 3:36pm

Hi @sebaripari,

Would you be open to sharing more details on why you’re looking to make this change?

sebaripari · May 14, 2019, 5:15pm

Hello @amy.blais !! Yes because in mattermost-webapp I’m using a library, Tone JS, that does import of blob and CSP block the page

This is the error:

DSchalla · May 15, 2019, 1:53pm

Hi @sebaripari,

we currently don’t support this on an application level, however, you can overwrite the headers in NGINX or the proxy solution you are using. Please be aware that this might have potential security impact.

sebaripari · May 16, 2019, 5:16am

Thanks @DSchalla

I will try overwriting the headers

Topic		Replies	Views
Set Custom Headers for Content-Security Troubleshooting	4	1154	January 21, 2021
[SOLVED] Penetration test Question About Mattermost nginx file access configuration Troubleshooting	1	1379	January 2, 2018
CORS issue on mattermost Troubleshooting	8	4345	October 5, 2021
TLS Manual Configuration Troubleshooting	4	215	January 23, 2024
Setting Up TLS for MM - Need CSR Troubleshooting	5	839	February 18, 2020

Its possible set Content Security Policy rules in configuration file?

Related Topics