Open omeryesil opened 3 months ago
The '
is blocked for security reasons.
Also see these open issues: https://github.com/kubernetes/ingress-nginx/issues/7937 and https://github.com/kubernetes/ingress-nginx/issues/7811.
I'd wait for this to merge before committing to any solution: https://github.com/kubernetes/ingress-nginx/pull/9742
Issue We are not able to add CSP headers that contains single quotes. Example: nginx.ingress.kubernetes.io/configuration-snippet: > more_set_headers "Content-Security-Policy: upgrade-insecure-requests;default-src 'self';" ; ...
I did remove ' from annotation-value-word-blocklist in nginx configmap, but it keeps getting reverted to default values after restarting nginx deployment.
I do understand single quote is blocked because of security, but, I couldn't find another way to add CSP header.
Proposal We should be able to overwrite nginx configmap.