Branch: refs/heads/master Home: https://github.com/tribe29/checkmk Commit: b79a1e75ffbcc67437e211de4408471ebadd1852 https://github.com/tribe29/checkmk/commit/b79a1e75ffbcc67437e211de4408471eb… Author: Maximilian Wirtz <maximilian.wirtz(a)tribe29.com> Date: 2023-01-20 (Fri, 20 Jan 2023) Changed paths: M cmk/gui/http.py M cmk/gui/userdb/saml2/pages.py M omd/packages/apache-omd/skel/etc/apache/conf.d/security.conf M tests/integration/omd/test_web_access.py Log Message: ----------- Add possibility for custom allowed CSP form-actions The saml http-post binding requests that you can send a HTTP form to the IDP. Forms are controlled by the `form-action` CSP directive. Previously the CSP was hard coded in `etc/apache/conf.d/security.conf`. If an IDP was configured with the GUI one would then have to add a apache config file. Thats undesired. Now you can add a CSP form-action to the response global variable via `response.set_csp_form_action("http://foobar.com")`. This then sets one distinct form-action to the header. Apache then uses this value and creates the overall CSP header. CMK-11991 Change-Id: I26b4e38edf694a20e8fe55cfcc731963b2b02335