iRule to modify a content-security-policy header
Code is community submitted, community supported, and recognized as ‘Use At Your Own Risk’.
Short Description
This short iRule snippet can change specific directives in a content-security-policy header.
The script is only roughly tested, but maybe we can improve it together.
Full Code Snippet
    when HTTP_RESPONSE_RELEASE priority 800 {
        # init
        set csp_fields ""
        set csp(directives) ""
        set csp(values) ""

        # configure: directives to enforce and their values (same index in both lists)
        # directive names are written in lowercase
        # note: "frame-ancestors *" allows any origin to frame the response
        lappend csp(directives) "frame-ancestors"
        lappend csp(values) "*"

        # iterate through directives from backend
        set org_csp_fields [split [HTTP::header Content-Security-Policy] ";"]
        foreach field $org_csp_fields {
            set field [string trim $field]
            # skip empty fields left by a trailing ";"
            if { $field eq "" } { continue }
            # directive names are case-insensitive, so compare in lowercase
            set directive [string tolower [getfield $field " " 1]]
            set idx [lsearch -exact $csp(directives) $directive]
            if { $idx > -1 } {
                # append enforced value
                lappend csp_fields "$directive [lindex $csp(values) $idx]"
            } else {
                # append original value
                lappend csp_fields $field
            }
        }

        # add missing directives
        set i 0
        foreach field $csp(directives) {
            set idx [lsearch -glob $csp_fields "${field}*"]
            if { $idx == -1 } {
                # missing, add it
                lappend csp_fields "${field} [lindex $csp(values) $i]"
            }
            incr i
        }

        # replace the header
        HTTP::header remove Content-Security-Policy
        HTTP::header insert Content-Security-Policy [join $csp_fields "; "]
    }
Updated Jan 23, 2023
Version 2.0
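An offline model of the same rewrite, useful for checking what header a given backend policy should turn into before the iRule is deployed. This is an added example in Python, not part of the submitted iRule; the function name `rewrite_csp` and the sample headers are assumptions made for illustration. The model trims fields, ignores empty ones, matches directive names case-insensitively, and also reports which backend values were overridden.

```python
# Added example: offline model of the directive rewrite, not the iRule itself.
ENFORCED = {"frame-ancestors": "*"}  # same directive and value the iRule configures


def rewrite_csp(header, enforced=ENFORCED):
    """Return (new_header, overridden).

    overridden maps each replaced directive to the backend value that was
    dropped, so a reviewer can see what the rewrite changes.
    """
    out, overridden = [], {}
    for field in (header or "").split(";"):
        parts = field.split(None, 1)      # [name] or [name, value]
        if not parts:
            continue                      # empty field from a trailing or doubled ';'
        name = parts[0].lower()           # directive names are case-insensitive
        if name in enforced:
            overridden[name] = parts[1].strip() if len(parts) > 1 else ""
            out.append(f"{name} {enforced[name]}")
        else:
            out.append(field.strip())     # keep the backend's directive as sent
    for name, value in enforced.items():
        if name not in overridden:        # backend did not send it: append
            out.append(f"{name} {value}")
    return "; ".join(out), overridden


# Constructed sample backend headers (not taken from a real site).
SAMPLES = [
    "default-src 'self'; frame-ancestors 'none'",
    "default-src 'self'; script-src 'self' https://cdn.example",
    "Frame-Ancestors 'self' ;; img-src data: ;",
    None,  # backend sent no Content-Security-Policy header
]

if __name__ == "__main__":
    for sample in SAMPLES:
        new_header, overridden = rewrite_csp(sample)
        print(f"{sample!r}\n  -> {new_header!r}\n  overridden: {overridden}")
```

The `overridden` result is the part worth reviewing: in the first sample the backend's `frame-ancestors 'none'` is replaced by `*`, which loosens the policy rather than tightening it.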