File tree Expand file tree Collapse file tree 4 files changed +44
-0
lines changed
helmfile.d/values/grafana Expand file tree Collapse file tree 4 files changed +44
-0
lines changed Original file line number Diff line number Diff line change @@ -162,6 +162,17 @@ grafana:
162162 additionalConfigValues : " "
163163 dataproxy :
164164 timeout : 600
165+ contentSecurityPolicy :
166+ default-src : " 'self'"
167+ script-src : " 'self' 'unsafe-inline' 'strict-dynamic' $${q}NONCE https:"
168+ object-src : " 'none'"
169+ style-src : " 'self' 'unsafe-inline' blob:"
170+ img-src : " * data:"
171+ base-uri : " 'self'"
172+ connect-src : " 'self' grafana.com ws://$${q}ROOT_PATH wss://$${q}ROOT_PATH"
173+ media-src : " 'none'"
174+ form-action : " 'self'"
175+ require-trusted-types-for : " 'script'"
165176 user :
166177 enabled : true
167178 # subdomain moved to common-config
Original file line number Diff line number Diff line change @@ -4474,6 +4474,19 @@ properties:
44744474 additionalDatasources :
44754475 title : Grafana Additional Datasources
44764476 type : object
4477+ contentSecurityPolicy :
4478+ $ref : ' #/$defs/contentSecurityPolicy'
4479+ default :
4480+ default-src : " 'self'"
4481+ script-src : " 'self' 'unsafe-inline' 'strict-dynamic' $${q}NONCE https:"
4482+ object-src : " 'none'"
4483+ style-src : " 'self' 'unsafe-inline' blob:"
4484+ img-src : " * data:"
4485+ base-uri : " 'self'"
4486+ connect-src : " 'self' grafana.com ws://$${q}ROOT_PATH wss://$${q}ROOT_PATH"
4487+ media-src : " 'none'"
4488+ form-action : " 'self'"
4489+ require-trusted-types-for : " 'script'"
44774490 dataproxy :
44784491 title : Grafana dataproxy values
44794492 description : Configure Grafana dataproxy values
Original file line number Diff line number Diff line change @@ -132,6 +132,16 @@ grafana.ini:
132132 viewers_can_edit: {{ .Values.grafana.ops.viewersCanEdit }}
133133 dataproxy:
134134 timeout: {{ .Values.grafana.ops.dataproxy.timeout }}
135+ {{- with .Values.grafana.ops.contentSecurityPolicy }}
136+ security:
137+ content_security_policy: true
138+ {{- $grafanaCSP := list }}
139+ {{- range $cspKey , $cspValue := . }}
140+ {{- $grafanaCSP = append $grafanaCSP (printf " %s %s " $cspKey $cspValue ) }}
141+ {{- end }}
142+ content_security_policy_template: | -
143+ " " " {{ $grafanaCSP | join " " }}" " "
144+ {{- end }}
135145 {{- if .Values.grafana.ops.additionalConfigValues }}
136146 {{ .Values.grafana.ops.additionalConfigValues | nindent 2 }}
137147 {{- end }}
Original file line number Diff line number Diff line change @@ -130,6 +130,16 @@ grafana.ini:
130130 default_home_dashboard_path: /tmp/dashboards/welcome-dashboard.json
131131 dataproxy:
132132 timeout: {{ .Values.grafana.user.dataproxy.timeout }}
133+ {{- with .Values.grafana.user.contentSecurityPolicy }}
134+ security:
135+ content_security_policy: true
136+ {{- $grafanaCSP := list }}
137+ {{- range $cspKey , $cspValue := . }}
138+ {{- $grafanaCSP = append $grafanaCSP (printf " %s %s " $cspKey $cspValue ) }}
139+ {{- end }}
140+ content_security_policy_template: | -
141+ " " " {{ $grafanaCSP | join " " }}" " "
142+ {{- end }}
133143 {{- if .Values.grafana.user.additionalConfigValues }}
134144 {{ .Values.grafana.user.additionalConfigValues | nindent 2 }}
135145 {{- end }}
You can’t perform that action at this time.
0 commit comments