Grafana DAST - Missing "Content-Security-Policy" header

  • What Grafana version and what operating system are you using?
    This is a Grafana installed in OpenShift.

  • What are you trying to achieve?
    Fix Missing "Content-Security-Policy" header issue

  • How are you trying to achieve it?
    Tried to add the parameters below in the [security] section:

    content_security_policy = true

    content_security_policy_template = """script-src 'self' 'unsafe-eval'
    'unsafe-inline' 'strict-dynamic' $NONCE;object-src 'none';font-src
    'self';style-src 'self' 'unsafe-inline' blob:;img-src * data:;base-uri
    'self';connect-src 'self' ws://$ROOT_PATH
    wss://$ROOT_PATH;manifest-src 'self';media-src 'none';form-action 'self';"""

    but it doesn't help

  • What happened?

  • What did you expect to happen?

    Fix this Missing "Content-Security-Policy" header

  • Can you copy/paste the configuration(s) that you are having problems with?

  • Did you receive any errors in the Grafana UI or in related logs? If so, please tell us exactly what they were.

  • Did you follow any online instructions? If so, what is the URL?

It’s resolved. Previously there was a typo in the real env.
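
An added example (not part of the original post and not Grafana's own code): a check for misspelled CSP setting names in the [security] section or in GF_SECURITY_* container environment variables, assuming the typo mentioned above was in a setting name. A misspelled key is ignored and the CSP setting stays at its default of false, so no header is sent. The sample input and the helper names are constructed for illustration.

```python
import configparser
import difflib

# CSP-related keys Grafana reads from the [security] section.
CSP_KEYS = [
    "content_security_policy",
    "content_security_policy_template",
    "content_security_policy_report_only",
    "content_security_policy_report_only_template",
]
ENV_PREFIX = "GF_SECURITY_"  # Grafana env override form: GF_<SECTION>_<KEY>

# Constructed sample with a misspelled key (not taken from the post).
SAMPLE_INI = """[security]
content_security_polcy = true
cookie_secure = true
"""


def lint_names(names):
    """Map each name that looks like a misspelled CSP key to the likely key."""
    findings = {}
    for name in names:
        if name in CSP_KEYS:
            continue
        close = difflib.get_close_matches(name, CSP_KEYS, n=1, cutoff=0.85)
        if close:
            findings[name] = close[0]
    return findings


def lint_ini(text):
    """Return (suspect keys, csp_enabled) for grafana.ini text."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    keys = list(cp["security"]) if cp.has_section("security") else []
    value = cp.get("security", "content_security_policy", fallback="false")
    return lint_names(keys), value.strip().lower() == "true"


def lint_env(env):
    """Check GF_SECURITY_* variable names, e.g. from a container spec."""
    names = [k[len(ENV_PREFIX):].lower() for k in env if k.startswith(ENV_PREFIX)]
    return lint_names(names)


if __name__ == "__main__":
    print(lint_ini(SAMPLE_INI))
```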