Code is community submitted, community supported, and recognized as ‘Use At Your Own Risk’.

Short Description

This short iRule snippet overrides specific directives in a Content-Security-Policy response header and adds them if the backend did not send them.

The script is only roughly tested, but maybe we can improve it together.

Full Code Snippet

when HTTP_RESPONSE_RELEASE priority 800 {
    # init
    set csp_fields [list]
    set csp(directives) [list]
    set csp(values) [list]

    # configure: directive names (lowercase) and the value to enforce for each
    # note: "frame-ancestors *" permits framing of the response by any origin
    lappend csp(directives) "frame-ancestors"
    lappend csp(values) "*"

    # iterate through directives from backend
    set org_csp_fields [split [HTTP::header Content-Security-Policy] ";"]
    foreach field $org_csp_fields {
        set field [string trim $field]
        # skip empty fields (e.g. after a trailing ";")
        if { $field eq "" } { continue }
        # directive names are case-insensitive, compare in lowercase
        set directive [string tolower [getfield $field " " 1]]
        set idx [lsearch -exact $csp(directives) $directive]
        if { $idx > -1 } {
            # append enforced value
            lappend csp_fields "$directive [lindex $csp(values) $idx]"
        } else {
            # append original value
            lappend csp_fields $field
        }
    }

    # add missing directives
    set i 0
    foreach field $csp(directives) {
        # match "<name> <value>" so that e.g. script-src does not match script-src-elem
        set idx [lsearch -glob $csp_fields "${field} *"]
        if { $idx == -1 } {
            # missing, add it
            lappend csp_fields "${field} [lindex $csp(values) $i]"
        }
        incr i
    }

    # replace the header
    HTTP::header remove Content-Security-Policy
    HTTP::header insert Content-Security-Policy [join $csp_fields "; "]
}
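
A way to check the rewritten header offline, as an added example that is not part of the original submission: the Python below parses a Content-Security-Policy value (lowercased names, first occurrence of a directive wins) and reports where the rewritten value deviates from "enforced directives present once with the configured value, everything else unchanged". The function names and the sample header values are constructed for illustration; the keys of `ENFORCED` are assumed to be lowercase.

```python
import re

WS = " \t\n\f\r"  # ASCII whitespace

def parse_csp(header_value):
    """Parse one header value into ({directive: value}, [repeated names]).
    Names are lowercased and only the first occurrence of a directive counts,
    which is how browsers treat a repeated directive."""
    policy, repeated = {}, []
    for token in header_value.split(";"):
        token = token.strip(WS)
        if not token:
            continue  # empty token, e.g. after a trailing ";"
        parts = re.split(f"[{WS}]+", token, maxsplit=1)
        name = parts[0].lower()
        value = " ".join(parts[1].split()) if len(parts) > 1 else ""
        if name in policy:
            repeated.append(name)
        else:
            policy[name] = value
    return policy, repeated

def check_rewrite(original, rewritten, enforced):
    """Return a list of problems found in `rewritten` (empty list = OK)."""
    before, _ = parse_csp(original)
    after, repeated = parse_csp(rewritten)
    problems = [f"repeated directive: {name}" for name in repeated]
    for name, value in enforced.items():
        if after.get(name) != value:
            problems.append(f"{name}: expected {value!r}, got {after.get(name)!r}")
    for name, value in before.items():
        if name not in enforced and after.get(name) != value:
            problems.append(f"{name}: backend value changed or dropped")
    return problems

# Constructed sample values (not captured from a real system)
ENFORCED = {"frame-ancestors": "*"}
BACKEND = "default-src 'self'; Frame-Ancestors 'none'; script-src-elem 'self';"
GOOD = "default-src 'self'; frame-ancestors *; script-src-elem 'self'"
# What a case-sensitive name match would produce: the backend directive
# survives and the enforced one is appended after it, where it is ignored.
BAD = "default-src 'self'; Frame-Ancestors 'none'; script-src-elem 'self'; frame-ancestors *"

if __name__ == "__main__":
    for label, value in (("good", GOOD), ("bad", BAD)):
        print(label, check_rewrite(BACKEND, value, ENFORCED))
```
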

Version history
Last update: 23-Jan-2023 01:53