Allow specifying additional custom CSP directives

manisandro · manisandro · commit e30294e0e7d7 · 2025-10-07T13:55:59.000+02:00
diff --git a/schemas/qwc-map-viewer.json b/schemas/qwc-map-viewer.json
@@ -143,6 +143,10 @@
           "type": "array",
           "items": {
             "type": "string"
+          },
+          "extra_csp_directives": {
+            "description": "Extra Content-Security-Policy header directives",
+            "type": "string"
           }
         }
       },
diff --git a/src/qwc2_viewer.py b/src/qwc2_viewer.py
@@ -108,6 +108,7 @@ def __init__(self, tenant, tenant_handler, logger):
 
         self.user_info_fields = config.get('user_info_fields', [])
         self.display_user_info_field = config.get('display_user_info_field')
+        self.extra_csp_directives = config.get('extra_csp_directives')
 
         # get config dir for tenant
         self.config_dir = os.path.dirname(
@@ -213,6 +214,8 @@ def qwc2_index(self, identity, params, request_url):
             "script-src 'nonce-%s' 'strict-dynamic'" % nonce,
             # "style-src 'nonce-%s'" % nonce # TODO
         ])
+        if self.extra_csp_directives:
+            csp += "; " + self.extra_csp_directives
         viewer_index = viewer_index.replace('<head>', '<head>\n<meta http-equiv="Content-Security-Policy" content="%s">' % csp)
         viewer_index = viewer_index.replace('<script ', '<script nonce="%s" ' % nonce)
 

Original file line number	Diff line number	Diff line change
`@@ -143,6 +143,10 @@`
`143`	`143`	`"type": "array",`
`144`	`144`	`"items": {`
`145`	`145`	`"type": "string"`
	`146`	`+ },`
	`147`	`+ "extra_csp_directives": {`
	`148`	`+ "description": "Extra Content-Security-Policy header directives",`
	`149`	`+ "type": "string"`
`146`	`150`	`}`
`147`	`151`	`}`
`148`	`152`	`},`