Enable csp on lens proxy (#5581)

* enable csp on lens proxy Signed-off-by: Jari Kolehmainen <jari.kolehmainen@gmail.com> * move csp default value to package.json Signed-off-by: Jari Kolehmainen <jari.kolehmainen@gmail.com>
2025-05-20 05:10:56 +00:00 · 2022-06-09 13:39:37 +03:00 · 2022-06-09 13:39:37 +03:00 · 240dfad167
commit 240dfad167
parent 2b5d54e8d9
3 changed files with 8 additions and 2 deletions
--- a/package.json
+++ b/package.json
@ -49,7 +49,8 @@
    "k8sProxyVersion": "0.2.1",
    "bundledKubectlVersion": "1.23.3",
    "bundledHelmVersion": "3.7.2",
-    "sentryDsn": ""
+    "sentryDsn": "",
+    "contentSecurityPolicy": "script-src 'unsafe-eval' 'self'; frame-src http://*.localhost:*/; img-src *"
  },
  "engines": {
    "node": ">=16 <17"
--- a/src/common/vars.ts
+++ b/src/common/vars.ts
@ -143,3 +143,4 @@ export const appSemVer = new SemVer(packageInfo.version);
 export const docsUrl = "https://docs.k8slens.dev/main/" as string;

 export const sentryDsn = packageInfo.config?.sentryDsn ?? "";
+export const contentSecurityPolicy = packageInfo.config?.contentSecurityPolicy ?? "";
--- a/src/main/lens-proxy/lens-proxy.ts
+++ b/src/main/lens-proxy/lens-proxy.ts
@ -7,7 +7,7 @@ import net from "net";
 import type http from "http";
 import spdy from "spdy";
 import type httpProxy from "http-proxy";
-import { apiPrefix, apiKubePrefix } from "../../common/vars";
+import { apiPrefix, apiKubePrefix, contentSecurityPolicy } from "../../common/vars";
 import type { Router } from "../router/router";
 import type { ClusterContextHandler } from "../context-handler/context-handler";
 import logger from "../logger";
@ -239,6 +239,10 @@ export class LensProxy {
      }
    }

+    if (contentSecurityPolicy) {
+      res.setHeader("Content-Security-Policy", contentSecurityPolicy);
+    }
+
    this.dependencies.router.route(cluster, req, res);
  }
 }