Hi,
Does anyone know if it’s possible to set the Content-Security-Policy headers in the datahub front-end? We want to limit the possibilities for XSS.
<@U02QJ0JMQ3V> might be able to speak to this!
<@U05ANL9RHK4> Did you maybe find an answer to set the CSP headers?
No, I did set the env variable for secure cookies: AUTH_COOKIE_SECURE. Maybe <@UV5UEC3LN> can still help us?
Play supports doing this through configuration so it is technically possible by mounting a custom application.conf file to your pod/container: https://www.playframework.com/documentation/2.9.x/CspFilter#Enabling-Through-Configuration
We do have a ticket to have top-level support for this so that it doesn’t require as much effort, but it is currently on the backlog and has not been prioritized.