configuration.md: Document Content Security Policy options (#30413)

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

configuration.md: Document Content Security Policy options (#30413)
Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
e818bdd7 · Arve Knudsen · GitHub · f2327baf · e818bdd7
Commit e818bdd7 authored Jan 22, 2021 by Arve Knudsen Committed by GitHub Jan 22, 2021
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 0 deletions

docs/sources/administration/configuration.md
+8 -0

No files found.
--- a/docs/sources/administration/configuration.md
+++ b/docs/sources/administration/configuration.md
@@ -508,6 +508,14 @@ Set to `true` to enable the X-Content-Type-Options response header. The X-Conten

 Set to `false` to disable the X-XSS-Protection header, which tells browsers to stop pages from loading when they detect reflected cross-site scripting (XSS) attacks. The default value is `false` until the next minor release, `6.3`.

+### content_security_policy
+
+Set to `true` to add the Content-Security-Policy header to your requests. CSP allows to control resources that the user agent can load and helps prevent XSS attacks.
+
+### content_security_policy_template
+
+Set Content Security Policy template used when adding the Content-Security-Policy header to your requests. `$NONCE` in the template includes a random nonce.
+
 <hr />

 ## [snapshots]