Add how to configure Content Security Policy (CSP) rules in OpenSearch Dashboards dynamically #6291
Fixing the style check errors
Hi, @hdhalter and team, please help take a look. cc @seraphjiang
Added @vagimeli as a reviewer since it involves Dashboards.
@vagimeli Thanks for the review! I just accepted your edits. Below are the links to the two readme files.
This is for the application configuration: https://github.com/opensearch-project/OpenSearch-Dashboards/blob/main/src/plugins/application_config/README.md
This is for the csp handler: https://github.com/opensearch-project/OpenSearch-Dashboards/blob/main/src/plugins/csp_handler/README.md
Signed-off-by: Tianle Huang <[email protected]>
Accidentally flushed your changes. Let me re-apply them. @vagimeli
@vagimeli please take a look again
Signed-off-by: Melissa Vagi <[email protected]>
@tianleh Thank you for the links. I've reviewed and moved the PR into the editorial review queue. Once the editor (@natebower) reviews, I'll incorporate any edits. If the editor has technical-related questions, I'll reach out to you as needed. Once the PR is approved and finalized, I'll merge it. Cheers, @vagimeli
@@ -0,0 +1,50 @@ | |||
--- | |||
layout: default | |||
title: Content Security Policy (CSP) rules dynamic configuration |
Should this match H1? Or "Dynamic configuration of CSP rules"?
Yes. I missed that change.
|
||
## Precedence | ||
|
||
Dynamic configurations override YAML configurations, except for empty CSP rules. To prevent `clickjacking`, a `frame-ancestors: self` directive is automatically added to YAML-defined rules that lack it. |
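Review bot: In the Precedence paragraph, `frame-ancestors: self` is not the form the directive takes in a policy; CSP syntax is the directive name, a space, then the quoted keyword, that is `frame-ancestors 'self'`. Suggest using that form so a reader can copy it into a rule unchanged. Two smaller points on the same line: `clickjacking` is a term rather than a literal, so it should not be in code formatting, and "except for empty CSP rules" does not say whether the empty value is the dynamic one or the YAML one, or which configuration applies in that case; one sentence stating the fallback would remove the ambiguity.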
Is "that lack it" necessary here (it reads slightly awkwardly), or could the sentence just end at "rules"? Or maybe "when necessary" instead?
Hi, @vagimeli, I have gone through @natebower's comments. They all look to be about editorial aspects instead of technical aspects. Let me know if there is any action item on my side or if you will take care of it.
Co-authored-by: Nathan Bower <[email protected]> Signed-off-by: Melissa Vagi <[email protected]>
@tianleh I've handled editorial.
Doc and editorial reviews completed
Description
This PR is to add instructions to configure CSP rules in OSD.
Issues Resolved
Closes #6139