From 3edd529773d7023f2b152c29560bda200c07af72 Mon Sep 17 00:00:00 2001 From: Markus Opolka Date: Fri, 14 Jun 2024 11:18:43 +0200 Subject: [PATCH] Add note about how to enable strict content security policy --- doc/20-Advanced-Topics.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/doc/20-Advanced-Topics.md b/doc/20-Advanced-Topics.md index c20c15c34a..97e4a49f4e 100644 --- a/doc/20-Advanced-Topics.md +++ b/doc/20-Advanced-Topics.md @@ -130,6 +130,16 @@ Therefore, you have to manually enable this policy explicitly and accept the ris the Icinga Web modules. Icinga Web and all it's components listed below, on the other hand, fully support strict CSP. If that's not the case, please submit an issue on GitHub in the respective repositories. +To enable the strict content security policy navigate to **Configuration > Application** and toggle "Enable strict content security policy", +or set the `use_strict_csp` in the `config.ini`. + +``` +vim /etc/icingaweb2/config.ini + +[security] +use_strict_csp = "1" +``` + Here is a list of all Icinga Web components that are capable of strict CSP. | Name | CSP supported since |