directus / directus

The flexible backend for all your projects 🐰 Turn your DB into a headless CMS, admin panels, or apps with a custom UI, instant APIs, auth & more.
https://directus.io

Self Hosted config options (helmet's adaptation) #21548

Open triplecasquette opened 6 months ago

triplecasquette commented 6 months ago

Describe the Request

I think it would be nice to add at least:

OR

because now (not some time ago) I had a CSP error with an IFRAME.

So I spent hours to understand (I did not find it, but I deduced it) that

CONTENT_SECURITY_POLICY_DIRECTIVES__FRAME_SRC="array:https://www.yourwebsite.com/"

In the .env file was the solution ^^

Maintenance Strategy

As often as the config option of CSP will change
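
How the variable name in the comment above becomes a `frame-src` directive, as an added example that is neither part of the issue nor Directus's own code. It assumes these env conventions: the `CONTENT_SECURITY_POLICY_` prefix is stripped, `__` separates nesting levels, keys are camelCased in the form helmet accepts, and an `array:` prefix casts the value to a list. The names `configFromEnv`, `castValue` and `toHeader` are hypothetical helpers.

```javascript
// Added illustration: a simplified model of the env-to-CSP mapping,
// not Directus source code. The mapping rules below are assumptions.
const PREFIX = 'CONTENT_SECURITY_POLICY_';

// FRAME_SRC -> frameSrc, DIRECTIVES -> directives
const camel = (s) =>
  s.toLowerCase().replace(/_+([a-z0-9])/g, (_, c) => c.toUpperCase());

// "array:a,b" -> ["a", "b"]; anything else stays a plain string.
function castValue(raw) {
  if (!raw.startsWith('array:')) return raw;
  return raw.slice('array:'.length).split(',').map((v) => v.trim()).filter(Boolean);
}

// Collect every prefixed variable into a nested options object.
function configFromEnv(env, prefix = PREFIX) {
  const config = {};
  for (const [key, raw] of Object.entries(env)) {
    if (!key.startsWith(prefix)) continue; // unrelated variables are ignored
    const path = key.slice(prefix.length).split('__').map(camel);
    let node = config;
    for (const part of path.slice(0, -1)) node = node[part] = node[part] || {};
    node[path[path.length - 1]] = castValue(raw);
  }
  return config;
}

// Spell directives the way the response header does (frameSrc -> frame-src).
function toHeader(directives) {
  return Object.entries(directives)
    .map(([name, values]) => {
      const kebab = name.replace(/[A-Z]/g, (c) => '-' + c.toLowerCase());
      return [kebab, ...[].concat(values)].join(' ');
    })
    .join('; ');
}

// Constructed sample .env content; the first value is the one from the comment.
const sampleEnv = {
  CONTENT_SECURITY_POLICY_DIRECTIVES__FRAME_SRC: 'array:https://www.yourwebsite.com/',
  PUBLIC_URL: 'https://directus.example',
};

const csp = configFromEnv(sampleEnv);
console.log(JSON.stringify(csp));
console.log(toHeader(csp.directives));
```

To confirm the setting took effect on a running instance, compare the `frame-src` part of the `Content-Security-Policy` response header with the rendered string.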

Th1nhNg0 commented 4 months ago

Thanks. We need a document for this.