Customize Content Security Policy

weird-oecophylla · October 23, 2023, 2:02pm

Hi,

I developped a web plugin which is embedding an iframe.

However the iframe loading is blocked by Content Security Policy set to default-src.

It seems to be a new security parameter as I did not encounter this error on graylog 5.0.8.

The current version of graylog I’m working on is 5.1.4.

Does any parameter officially exist for customizing th CSP ?

weird-oecophylla · October 24, 2023, 8:26am

I discovered the new parameter http_allow_embedding.

However it did not fix the problem once parameter set to true.

system · November 7, 2023, 8:27am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Embedding external content Graylog Add-ons documentation , components	1	212	November 10, 2023
Graylog 4.3 - reinstall plugin Graylog Central (peer support)	8	884	September 16, 2022
Report_disable_sandbox Graylog Central (peer support)	3	785	June 28, 2019
Customise graylog UI Graylog Central (peer support)	2	829	January 30, 2018
CORS security findings on GrayLog UI Graylog Central (peer support)	1	628	August 20, 2018