Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow different helmet config to be specified per request path & upgrade helmet to v8.0.0 #3572

Open
t83714 opened this issue Dec 2, 2024 · 0 comments
Open

Allow different helmet config to be specified per request path & upgrade helmet to v8.0.0 #3572

t83714 opened this issue Dec 2, 2024 · 0 comments
Labels
feature request
Milestone
v5.0.0

Comments

@t83714
Copy link
Contributor

t83714 commented Dec 2, 2024

Allow different helmet config to be specified per request path & upgrade helmet to v8.0.0

When deploying Magda, a user might want to specify different helmet configs for different routes (request path) to allow greater flexibility (e.g. different CSP for different routes).

This ticket introduces a new helm chart config helmetPerPath that allows different config to be specified per request paths. e.g.:

helmetPerPath:
  "routeA/abc": 
    referrerPolicy:
      policy: strict-origin-when-cross-origin

We will also upgrade the helmet to the latest v8.0.0. Other changes related to this:

  • users can config content security policy helmet config via key contentSecurityPolicy. Consistent with helmet v8 config reference
  • helm chart config key csp is deprecated. User should config content security policy via helmet.contentSecurityPolicy or helmetPerPath.xxx.contentSecurityPolicy.
@t83714 t83714 added this to the v5.0.0 milestone Dec 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature request
Projects
None yet
Milestone
v5.0.0
Development

No branches or pull requests
1 participant
@t83714