Middleware: Add CSP Report Only support (#58074)

* Middleware: Add CSP Report Only support * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Update csp documentation wording * Update conf/sample.ini Co-authored-by: Dave Henderson <dave.henderson@grafana.com> * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Dave Henderson <dave.henderson@grafana.com> * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Dave Henderson <dave.henderson@grafana.com> * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Dave Henderson <dave.henderson@grafana.com> * Update pkg/middleware/csp.go Co-authored-by: Dave Henderson <dave.henderson@grafana.com> Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> Co-authored-by: Dave Henderson <dave.henderson@grafana.com>
2025-02-25 18:55:37 -06:00 · 2022-11-16 17:11:26 +00:00
parent aea860a3bd
commit f254a37d35
8 changed files with 158 additions and 41 deletions
--- a/docs/sources/setup-grafana/configure-grafana/_index.md
+++ b/docs/sources/setup-grafana/configure-grafana/_index.md
@@ -623,7 +623,16 @@ Set to `true` to add the Content-Security-Policy header to your requests. CSP al

 ### content_security_policy_template

-Set Content Security Policy template used when adding the Content-Security-Policy header to your requests. `$NONCE` in the template includes a random nonce.
+Set the policy template that will be used when adding the `Content-Security-Policy` header to your requests. `$NONCE` in the template includes a random nonce.
+
+### content_security_policy_report_only
+
+Set to `true` to add the `Content-Security-Policy-Report-Only` header to your requests. CSP in Report Only mode enables you to experiment with policies by monitoring their effects without enforcing them.
+You can enable both policies simultaneously.
+
+### content_security_policy_template
+
+Set the policy template that will be used when adding the `Content-Security-Policy-Report-Only` header to your requests. `$NONCE` in the template includes a random nonce.

 <hr />