Azure / aks-app-routing-operator

Kubernetes operator that implements AKS Application Routing
https://learn.microsoft.com/en-us/azure/aks/app-routing
MIT License

Not able to add CSP Headers with single quotes #187

Open omeryesil opened 3 months ago

omeryesil commented 3 months ago

Issue

We are not able to add CSP headers that contain single quotes. Example:

```yaml
nginx.ingress.kubernetes.io/configuration-snippet: >
  more_set_headers "Content-Security-Policy: upgrade-insecure-requests;default-src 'self';" ;
  ...
```

I did remove `'` from `annotation-value-word-blocklist` in the nginx configmap, but it keeps getting reverted to the default values after restarting the nginx deployment.

I do understand the single quote is blocked for security reasons, but I couldn't find another way to add the CSP header.

Proposal

We should be able to overwrite the nginx configmap.
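To make the rejection concrete, here is an added illustration (editor's example, not code from aks-app-routing-operator, ingress-nginx, or either commenter) that models how the `annotation-value-word-blocklist` check behaves: the controller treats the ConfigMap value as a comma-separated list and rejects an Ingress whose annotation value contains any entry as a plain substring. The default list used below is an assumption (check the ConfigMap on your own controller), and the function names are hypothetical. It shows that the CSP snippet from this issue trips only on `'`, that dropping `'` from the list lets it through, and that the remaining entries still catch a snippet that opens a new `location` block.

```python
"""Model of ingress-nginx's annotation-value-word-blocklist check (illustrative).

This is an added example, not the controller's own code. The real controller
rejects an Ingress whose annotation value contains any entry of the
comma-separated `annotation-value-word-blocklist` ConfigMap key as a substring.
"""
from typing import List

# Assumed default blocklist (illustrative; verify against your controller's ConfigMap).
DEFAULT_BLOCKLIST = "load_module,lua_package,_by_lua,location,root,proxy_pass,serviceaccount,{,},',\\"

# Constructed annotation value taken from the issue: a CSP header set via configuration-snippet.
CSP_SNIPPET = (
    "more_set_headers \"Content-Security-Policy: "
    "upgrade-insecure-requests;default-src 'self';\" ;"
)


def parse_blocklist(raw: str) -> List[str]:
    """Split the comma-separated ConfigMap value, dropping empty entries."""
    return [w.strip() for w in raw.split(",") if w.strip()]


def blocked_words(value: str, blocklist: List[str]) -> List[str]:
    """Return every blocklist entry that occurs in `value` as a plain substring.

    This is deliberately naive: no tokenising, no awareness of nginx quoting,
    which is why a benign `'self'` inside a double-quoted header value is caught.
    """
    return [w for w in blocklist if w in value]


def is_rejected(value: str, raw_blocklist: str = DEFAULT_BLOCKLIST) -> bool:
    """True when the controller would refuse the annotation value."""
    return bool(blocked_words(value, parse_blocklist(raw_blocklist)))


def main() -> None:
    full = parse_blocklist(DEFAULT_BLOCKLIST)
    print("CSP snippet hits:", blocked_words(CSP_SNIPPET, full))

    # Removing the quote (what the issue author tried) lets the CSP snippet through...
    relaxed = [w for w in full if w != "'"]
    print("CSP snippet after removing ':", blocked_words(CSP_SNIPPET, relaxed))

    # ...while the other entries still catch a snippet that opens a new location block.
    new_block = "location /secrets { root /var/run; }"
    print("location block hits:", blocked_words(new_block, relaxed))


if __name__ == "__main__":
    main()
```

The substring match is the whole reason the false positive exists: the check does not parse nginx syntax, so it cannot tell a quote inside a header string from a quote that changes what a directive does. Any relaxation of the list therefore widens what snippets can express, not just what this one header needs.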

sabbour commented 3 months ago

The ' is blocked for security reasons. Also see these open issues: https://github.com/kubernetes/ingress-nginx/issues/7937 and https://github.com/kubernetes/ingress-nginx/issues/7811. I'd wait for this to merge before committing to any solution: https://github.com/kubernetes/ingress-nginx/pull/9742