wireapp · mohitrajain · May 21, 2026 · May 21, 2026 · May 21, 2026 · May 21, 2026
@@ -0,0 +1 @@
+Enable passing cspExtraConnectSrc value to nginx-ingress-services when working with multi-ingresses (renderCSPInIngress=True). It would be required for webapp to connect to third party sft servers.
@@ -20,7 +20,7 @@ metadata:
         {{if .Values.websockets.enabled}}
         set $CSP "${CSP} wss://{{ .Values.config.dns.ssl }}";
         {{end}}
-        set $CSP "${CSP} https://*.{{ .Values.config.dns.base }};";
+        set $CSP "${CSP} https://*.{{ .Values.config.dns.base }}{{- if .Values.config.cspExtraConnectSrc }} {{ .Values.config.cspExtraConnectSrc }}{{- end }};";
         set $CSP "${CSP} default-src 'self';";
         set $CSP "${CSP} font-src 'self' data:;";
         set $CSP "${CSP} frame-src https://*.soundcloud.com https://*.spotify.com https://*.vimeo.com https://*.youtube-nocookie.com;";

@@ -175,6 +175,10 @@ config:
 # (multi-ingress), because the webapps can only provide CSP headers for one
 # (root) domain.
   renderCSPInIngress: false
+# Adds additional CSP connect-src entries. This is exclusive to `.config.dns.https`.
+# It is only respected when renderCSPInIngress=True. Multiple entries can be passed with a space in between.
+  cspExtraConnectSrc:
+# cspExtraConnectSrc: "https://sft.example-calling.com https://second-domain-example.com"
 # Is this a chart instantiation for an additional backend domain (multi-ingress)?
 #
 # If 'true' some resources aren't created because they're expected to already

@@ -107,8 +107,8 @@ galley:
       # If set it must a map from `Z-Host` to URI prefix
       # Example:
       # multiIngress:
-      #    wire.example: https://accounts.wire.example/conversation-join/
-      #    example.net: https://accounts.example.net/conversation-join/
+      #    wire.example: https://account.wire.example/conversation-join/
+      #    example.net: https://account.example.net/conversation-join/
       multiIngress: null
       # Disable one ore more API versions. Please make sure the configuration value is the same in all these charts:
       # brig, cannon, cargohold, galley, gundeck, proxy, spar.

@@ -1403,8 +1403,8 @@ Example:
 
 ```yaml
 multiIngress:
-   red.example.com: https://accounts.red.example.com/conversation-join/
-   green.example.com: https://accounts.green.example.net/conversation-join/
+   red.example.com: https://account.red.example.com/conversation-join/
+   green.example.com: https://account.green.example.net/conversation-join/
 ```
 
 ### Spar

@@ -207,7 +207,7 @@ Otherwise you need to create a `.json` file, and host it somewhere users can get
       "backendWSURL" : "https://prod-nginz-ssl.wire.com",
       "blackListURL" : "https://clientblacklist.wire.com/prod",
       "teamsURL" : "https://teams.wire.com",
-      "accountsURL" : "https://accounts.wire.com",
+      "accountsURL" : "https://account.wire.com",
       "websiteURL" : "https://wire.com"
    },
    "apiProxy" : {
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		Enable passing cspExtraConnectSrc value to nginx-ingress-services when working with multi-ingresses (renderCSPInIngress=True). It would be required for webapp to connect to third party sft servers.