Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Update codefresh-on-prem.md#347

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Merged
kostis-codefresh merged 2 commits intomasterfromnima-csp-release-notes
Dec 6, 2021
Merged
Changes fromall commits
Commits
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 14 additions & 0 deletions_docs/administration/codefresh-on-prem.md
View file
Open in desktop
Original file line numberDiff line numberDiff line change
Expand Up@@ -559,7 +559,21 @@ spec:

Both http and https target port should be set to **80**.

### Configure CSP (Content Security Policy)
Add CSP environment variables to `config.yaml`, and define the values to be returned in the CSP HTTP headers.
```yaml
cfui:
env:
CONTENT_SECURITY_POLICY: "<YOUR SECURITY POLICIES>"
CONTENT_SECURITY_POLICY_REPORT_ONLY: "default-src 'self'; font-src 'self'
https://fonts.gstatic.com; script-src 'self' https://unpkg.com https://js.stripe.com;
style-src 'self' https://fonts.googleapis.com; 'unsafe-eval' 'unsafe-inline'"
CONTENT_SECURITY_POLICY_REPORT_TO: "<LIST OF ENDPOINTS AS JSON OBJECTS>"
```
`CONTENT_SECURITY_POLICY` is the string describing content policies. Use semi-colons to separate between policies.
`CONTENT_SECURITY_POLICY_REPORT_TO` is a comma-separated list of JSON objects. Each object must have a name and an array of endpoints that receive the incoming CSP reports.

For detailed information, see the [Content Security Policy article on MDN](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP).
## Using existing external services for data storage/messaging

Normally the Codefresh installer, is taking care of all needed dependencies internally by deploying the respective services (mongo, redis etc) on its own.
Expand Down
[8]ページ先頭
©2009-2025 Movatter.jp