From 51578e1f773706c6b552d9b0192e0919184c8c29 Mon Sep 17 00:00:00 2001
From: ShahanaFarooqui
Date: Tue, 12 Sep 2023 21:53:08 -0700
Subject: [PATCH] plugins/clnrest: Add `rest-csp` option for config
---
 plugins/clnrest/utilities/rpc_plugin.py | 1 +
 plugins/clnrest/utilities/shared.py | 5 +++--
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/plugins/clnrest/utilities/rpc_plugin.py b/plugins/clnrest/utilities/rpc_plugin.py
index a2473a51c3c4..82c98d3b7d09 100644
--- a/plugins/clnrest/utilities/rpc_plugin.py
+++ b/plugins/clnrest/utilities/rpc_plugin.py
@@ -8,3 +8,4 @@
 plugin.add_option(name="rest-host", default="127.0.0.1", description="REST server host", opt_type="string", deprecated=False)
 plugin.add_option(name="rest-port", default=None, description="REST server port to listen", opt_type="int", deprecated=False)
 plugin.add_option(name="rest-cors-origins", default="*", description="Cross origin resource sharing origins", opt_type="string", deprecated=False, multi=True)
+plugin.add_option(name="rest-csp", default="default-src 'self'; font-src 'self'; img-src 'self' data:; frame-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline';", description="Content security policy (CSP) for the server", opt_type="string", deprecated=False, multi=True)
diff --git a/plugins/clnrest/utilities/shared.py b/plugins/clnrest/utilities/shared.py
index c9adb0e55610..3055c15016e7 100644
--- a/plugins/clnrest/utilities/shared.py
+++ b/plugins/clnrest/utilities/shared.py
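Review bot: The default value of the new `rest-csp` option in rpc_plugin.py allows `'unsafe-inline'` in `script-src`, which gives up most of the protection a CSP offers against injected script. If the content this server returns does not need inline script (not visible in this hunk), the default should end in `script-src 'self';` and operators who need more can opt in through the option. The default also carries no `frame-ancestors`, `base-uri` or `form-action` directive, and none of those falls back to `default-src`; consider appending `frame-ancestors 'self'; base-uri 'self'; form-action 'self';`. A one-line comment above the option naming what requires the inline allowances would help the next reviewer judge whether they can be removed.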
@@ -2,17 +2,18 @@
 import re
 import json
-CERTS_PATH, REST_PROTOCOL, REST_HOST, REST_PORT, REST_CORS_ORIGINS = "", "", "", "", []
+CERTS_PATH, REST_PROTOCOL, REST_HOST, REST_PORT, REST_CSP, REST_CORS_ORIGINS = "", "", "", "", "", []
 def set_config(options):
 if 'rest-port' not in options:
 return "`rest-port` option is not configured"
- global CERTS_PATH, REST_PROTOCOL, REST_HOST, REST_PORT, REST_CORS_ORIGINS
+ global CERTS_PATH, REST_PROTOCOL, REST_HOST, REST_PORT, REST_CSP, REST_CORS_ORIGINS
 CERTS_PATH = str(options["rest-certs"])
 REST_PROTOCOL = str(options["rest-protocol"])
 REST_HOST = str(options["rest-host"])
 REST_PORT = int(options["rest-port"])
+ REST_CSP = str(options["rest-csp"])
 cors_origins = options["rest-cors-origins"]
 REST_CORS_ORIGINS.clear()
 for origin in cors_origins:
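Review bot: `REST_CSP = str(options["rest-csp"])` stringifies a value whose option is registered with `multi=True` in rpc_plugin.py, the same flag carried by `rest-cors-origins`, which this function iterates as a collection a few lines later. If multi options reach `set_config` as a list (as the loop over `cors_origins` suggests), `str()` produces the list's repr, brackets and quotes included, rather than a policy string. A header built from that would likely not be honoured by browsers, so responses would go out without the intended policy and without any error. A policy is a single string, so registering the option with `multi=False` is the simplest fix; otherwise the values need joining here before use. The body of `set_config` continues past the end of this hunk, so how `REST_CSP` is consumed is not visible.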