how to add content security policy (CSP) to nginxinc ingress controller or ingress rule

Question

How to add content security policy (CSP) to nginxinc ingress controller or ingress rule.

I tried both of the below annotation to ingress rule but neither worked.

annotations:
  nginx.ingress.kubernetes.io/configuration-snippet: |
      more_set_headers "Content-Security-Policy-Report-Only: Content-Security-Policy: script-src 'self' 'none' ;";
      add_header Content-Security-Policy: default-src 'self' 'none' ;

This works. Your `more_set_headers` is not valid definitions as attempt to specify two headers there (`Content-Security-Policy` and `Content-Security-Policy-Report-Only` — fandasson, Jun 21 '23 at 11:34

score 0 · Answer 1 · answered Jun 21 '23 at 11:36

0

This works:

annotations:
  nginx.ingress.kubernetes.io/configuration-snippet: |
    more_set_headers "Content-Security-Policy-Report-Only: your-policy";

Remember to modify your-policy to something real ;-)

answered Jun 21 '23 at 11:36

fandasson

2,158
21
20

how to add content security policy (CSP) to nginxinc ingress controller or ingress rule

1 Answers1