Commit 02b5ef9

docs: strict CSP, Sentry report-uri config
1 parent 2faabec commit 02b5ef9

2 files changed

+15
-1
lines changed

docs/configuration/content-security-policy.md

+5-1
@@ -6,10 +6,14 @@
66

77
> The HTTP `Content-Security-Policy` response header allows web site administrators to control resources the user agent is
88
> allowed to load for a given page.
9-
9+
>
1010
> With a few exceptions, policies mostly involve specifying server origins and script endpoints. This helps guard against
1111
> cross-site scripting attacks
1212
13+
!!! warning "Strict CSP"
14+
15+
Benefits configures a Strict Content Security Policy. Read more about Strict CSP from Google: <https://csp.withgoogle.com/docs/strict-csp.html>.
16+
1317
## `django-csp`
1418

1519
!!! tldr "django-csp docs"
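
Review bot: The new "Strict CSP" admonition is typed as a warning, but its single sentence ("Benefits configures a Strict Content Security Policy.") only states a fact and links out to Google; it does not say what the reader is being warned about. Suggest adding a sentence on the practical consequence for someone editing templates or adding third-party scripts under this policy, with a pointer to where the policy is set in the project, or switching to an informational admonition type if no action is expected. As written, a reader has to leave the docs to learn what "strict" means for this app.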

docs/configuration/environment-variables.md

+10
@@ -177,5 +177,15 @@ Enables [sending events to Sentry](../../deployment/troubleshooting/#error-monit
177177

178178
Segments errors by which deployment they occur in. This defaults to `local`, and can be set to match one of the [environment names](../../deployment/infrastructure/#environments).
179179

180+
### `SENTRY_REPORT_URI`
181+
182+
!!! tldr "Sentry docs"
183+
184+
[Security Policy Reporting](https://docs.sentry.io/product/security-policy-reporting/)
185+
186+
Collect information on Content-Security-Policy (CSP) violations. Read more about [CSP configuration in Benefits](./content-security-policy.md).
187+
188+
To enable report collection, set this env var to the authenticated Sentry endpoint.
189+
180190
[app-service-config]: https://docs.microsoft.com/en-us/azure/app-service/configure-common?tabs=portal
181191
[getting-started_create-env]: ../getting-started/README.md#create-an-environment-file
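
Review bot: The `SENTRY_REPORT_URI` entry tells the reader to set the variable to "the authenticated Sentry endpoint" without saying what that value looks like, where to obtain it, or what happens when the variable is unset; the entry directly above it states its default (`local`), and this one should do the same. Suggest stating the unset behavior explicitly (for example, whether violation reports are simply not sent) and naming where in Sentry the endpoint is found, since the linked Security Policy Reporting page is the only hint. If the endpoint URL embeds a key, as "authenticated" implies, a short note on whether it differs per environment would also help whoever configures deployments.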
