argo-cd/server
Zach Aller e9fae0df37
fix: Add Content-Security-Policy configuration option (#8943)
* fix: Add Content-Security-Policy configuration

This should finish up the work on issue #2706 by adding a configurable
Content-Security-Policy header which defaults to frame-ancestors 'self';

This matches what we do with X-Frame-Options=sameorigin. Some reference information can be found
here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors

Signed-off-by: zachaller <zachaller@hotmail.com>

* Run codegen

Signed-off-by: zachaller <zachaller@hotmail.com>

* fix: add ARGOCD_SERVER_CONTENT_SECURITY_POLICY env var to be configured via configmap

Signed-off-by: zachaller <zachaller@hotmail.com>
2022-03-31 14:48:35 -04:00
account fix: Update account.proto annotation for gen grpc gateway (#6684) 2022-03-26 21:46:57 +02:00
application Merge pull request from GHSA-2f5v-8r3f-8pww 2022-03-22 10:57:30 -07:00
badge chore: Upgrade Go module to v2 (#5931) 2021-04-01 20:44:18 +02:00
cache feat: Use encrypted cookie to store OAuth2 state nonce (instead of redis) (#8241) 2022-01-26 10:59:50 -08:00
certificate chore: remove unused protobuf imports (#8815) 2022-03-17 12:25:43 -07:00
cluster feat: allow cli to remove cluster by name (#8823) 2022-03-28 14:35:39 -07:00
gpgkey chore: remove unused protobuf imports (#8815) 2022-03-17 12:25:43 -07:00
logout chore: Migrate to use golang-jwt/jwt v4.2.0 (#8136) 2022-01-13 13:12:21 -08:00
metrics feat: support pprof endpoints (#7533) 2021-11-01 10:49:43 -07:00
project chore: remove unused protobuf imports - part 2 (#8899) 2022-03-25 13:26:30 -04:00
rbacpolicy feat: Introduce RBAC based approach to pod logs #7211 (#8353) 2022-03-18 14:40:48 -04:00
repocreds chore: remove unused protobuf imports - part 2 (#8899) 2022-03-25 13:26:30 -04:00
repository chore: remove unused protobuf imports - part 2 (#8899) 2022-03-25 13:26:30 -04:00
session chore: remove unused protobuf imports - part 2 (#8899) 2022-03-25 13:26:30 -04:00
settings feat: Make hostname for status badges configurable (#8024) (#8436) 2022-02-10 19:17:26 +01:00
version feat: remove ksonnet from codebase (#8621) 2022-03-02 10:09:47 -08:00
server.go fix: Add Content-Security-Policy configuration option (#8943) 2022-03-31 14:48:35 -04:00
server_norace_test.go fix: Add Content-Security-Policy configuration option (#8943) 2022-03-31 14:48:35 -04:00
server_test.go fix: Add Content-Security-Policy configuration option (#8943) 2022-03-31 14:48:35 -04:00