Add csp_additional_header config option

2020-12-21 19:15:35 +01:00
parent 06643232cf
commit 8ed41a1276
3 changed files with 9 additions and 1 deletions
--- a/doc/admin/config.rst
+++ b/doc/admin/config.rst
@@ -105,7 +105,12 @@ Example::

 ``csp_log``
    Log violations of the Content Security Policy (CSP). Defaults to ``on``.
-    
+
+``csp_additional_header``
+    Specifies a CSP header that will be **merged** with pretix's default header. For example, if you set this
+    to ``script-src https://mycdn.com``, pretix will add ``https://mycdn.com`` as an **additional** allowed source
+    to all CSP headers. Empty by default.
+
 ``loglevel``
    Set console and file log level (``DEBUG``, ``INFO``, ``WARNING``, ``ERROR`` or ``CRITICAL``). Defaults to ``INFO``.