Skip to content

Set KAS connect-src CSP on demand

Timo Furrer requested to merge kas-cookie-concern into master

What does this MR do and why?

In Add user access functionality for KAS (!104504 - merged) we've introduced a connect-src directive for the KAS subdomain (in case it is on a subdomain) globally. However, this is not really necessary and an on-demand approach is preferred.

on-demand meaning that a controller can include the KasCookie concern to configure the correct CSP so that the KAS cookie can actually be used. The KAS cookie doesn't make any sense without the CSP config, so it naturally makes sense for it to be part of the KasCookie concern.

Screenshots or screen recordings

Page with a controller that includes the KasCookie concern:

image

Page that doesn't include the KasCookie concern:

image

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

  1. Setup KAS
  2. Setup agentk
  3. Enable KAS User Access Feature flags
  4. Browse to the cluster / agent page to check CSP

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Merge request reports

Loading