Branch: refs/heads/master
Home: https://github.com/tribe29/checkmk
Commit: b79a1e75ffbcc67437e211de4408471ebadd1852
https://github.com/tribe29/checkmk/commit/b79a1e75ffbcc67437e211de4408471eb…
Author: Maximilian Wirtz <maximilian.wirtz(a)tribe29.com>
Date: 2023-01-20 (Fri, 20 Jan 2023)
Changed paths:
M cmk/gui/http.py
M cmk/gui/userdb/saml2/pages.py
M omd/packages/apache-omd/skel/etc/apache/conf.d/security.conf
M tests/integration/omd/test_web_access.py
Log Message:
-----------
Add possibility for custom allowed CSP form-actions

The SAML HTTP-POST binding requests that you can send an HTTP form to the
IDP. Forms are controlled by the `form-action` CSP directive. Previously
the CSP was hard-coded in `etc/apache/conf.d/security.conf`. If an IDP
was configured with the GUI one would then have to add an Apache config
file. That's undesired. Now you can add a CSP form-action to the
response global variable via
`response.set_csp_form_action("http://foobar.com")`. This then sets one
distinct form-action to the header. Apache then uses this value and
creates the overall CSP header.
CMK-11991
Change-Id: I26b4e38edf694a20e8fe55cfcc731963b2b02335
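
The commit message describes merging one configured IdP origin into the `form-action` directive. The sketch below is an added example, not code from this commit or from Checkmk: it shows the validation such a value needs before it reaches a CSP header, so that a configured URL cannot smuggle in extra directives. `BASE_CSP`, `normalize_form_action` and `build_csp` are hypothetical names, the baseline policy is constructed, and the header is assembled in Python here purely for illustration (the commit has Apache do that).

```python
from typing import Optional
from urllib.parse import urlsplit

# Constructed baseline policy for illustration; not Checkmk's shipped security.conf.
BASE_CSP = {
    "default-src": ["'self'"],
    "form-action": ["'self'"],
}


def normalize_form_action(url: str) -> str:
    """Reduce a URL to a scheme://host[:port] source expression, or raise ValueError."""
    # Whitespace, ';' and ',' would let a configured value start a new
    # directive or a second policy inside the header; quotes would allow
    # keyword sources such as 'unsafe-inline'.
    if any(c.isspace() or c in ";,'\"" for c in url):
        raise ValueError(f"illegal character in form-action source: {url!r}")
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"not an http(s) origin: {url!r}")
    if parts.username or parts.password:
        raise ValueError("userinfo is not allowed in a CSP source")
    host = parts.hostname
    if ":" in host:  # IPv6 literal: urlsplit strips the brackets
        host = f"[{host}]"
    port = f":{parts.port}" if parts.port else ""
    # Path and query are dropped: only the origin is allow-listed.
    return f"{parts.scheme}://{host}{port}"


def build_csp(extra_form_action: Optional[str] = None) -> str:
    """Return the header value, with at most one extra form-action source."""
    policy = {name: list(sources) for name, sources in BASE_CSP.items()}
    if extra_form_action is not None:
        policy["form-action"].append(normalize_form_action(extra_form_action))
    return "; ".join(f"{name} {' '.join(srcs)}" for name, srcs in policy.items())


if __name__ == "__main__":
    print(build_csp("http://foobar.com"))
```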