Merge pull request #464 from calcom/add-csp-policy

dcharles525 · web-flow · commit cf6c21f6a2ab · 2025-09-12T14:25:15.000-04:00
Add CSP_Policy to .env.example
diff --git a/.env.example b/.env.example
@@ -61,3 +61,7 @@ EMAIL_SERVER_USER=email_user
 EMAIL_SERVER_PASSWORD=email_password
 
 NODE_ENV=production
+
+# Set this to 'non-strict' to enable CSP for support pages. 'strict' isn't supported yet. Also, check the README for details.
+# Content Security Policy
+CSP_POLICY=
diff --git a/Dockerfile b/Dockerfile
@@ -30,7 +30,8 @@ ENV NEXT_PUBLIC_WEBAPP_URL=http://NEXT_PUBLIC_WEBAPP_URL_PLACEHOLDER \
     NEXT_PUBLIC_SINGLE_ORG_SLUG=$NEXT_PUBLIC_SINGLE_ORG_SLUG \
     ORGANIZATIONS_ENABLED=$ORGANIZATIONS_ENABLED \
     NODE_OPTIONS=--max-old-space-size=${MAX_OLD_SPACE_SIZE} \
-    BUILD_STANDALONE=true
+    BUILD_STANDALONE=true \
+    CSP_POLICY=$CSP_POLICY
 
 COPY calcom/package.json calcom/yarn.lock calcom/.yarnrc.yml calcom/playwright.config.ts calcom/turbo.json calcom/i18n.json ./
 COPY calcom/.yarn ./.yarn
@@ -90,3 +91,4 @@ HEALTHCHECK --interval=30s --timeout=30s --retries=5 \
     CMD wget --spider http://localhost:3000 || exit 1
 
 CMD ["/calcom/scripts/start.sh"]
+
diff --git a/docker-compose.yaml b/docker-compose.yaml
@@ -37,6 +37,7 @@ services:
         CALENDSO_ENCRYPTION_KEY: ${CALENDSO_ENCRYPTION_KEY}
         DATABASE_URL: ${DATABASE_URL}
         DATABASE_DIRECT_URL: ${DATABASE_URL}
+        CSP_POLICY: ${CSP_POLICY}
     restart: always
     networks:
       - stack
@@ -68,3 +69,4 @@ services:
       - prisma
       - studio
 # END SECTION: Optional use of Prisma Studio.
+
