wireapp · mohitrajain · May 21, 2026 · May 21, 2026 · May 21, 2026 · May 21, 2026
@@ -0,0 +1 @@
+Enable passing cspExtraConnectSrc value to nginx-ingress-services when working with multi-ingresses (renderCSPInIngress=True). It would be required for webapp to connect to third party sft servers.
@@ -20,7 +20,7 @@ metadata:
         {{if .Values.websockets.enabled}}
         set $CSP "${CSP} wss://{{ .Values.config.dns.ssl }}";
         {{end}}
-        set $CSP "${CSP} https://*.{{ .Values.config.dns.base }};";
+        set $CSP "${CSP} https://*.{{ .Values.config.dns.base }}{{- if .Values.config.cspExtraConnectSrc }} {{ .Values.config.cspExtraConnectSrc }}{{- end }};";
         set $CSP "${CSP} default-src 'self';";
         set $CSP "${CSP} font-src 'self' data:;";
         set $CSP "${CSP} frame-src https://*.soundcloud.com https://*.spotify.com https://*.vimeo.com https://*.youtube-nocookie.com;";

@@ -175,6 +175,10 @@ config:
 # (multi-ingress), because the webapps can only provide CSP headers for one
 # (root) domain.
   renderCSPInIngress: false
+# Adds additional CSP connect-src entries. This is exclusive to `.config.dns.https`.
+# It is only respected when renderCSPInIngress=True. Multiple entries can be passed with a space in between.
+  cspExtraConnectSrc:
+# cspExtraConnectSrc: "https://sft.example-calling.com https://second-domain-example.com"
 # Is this a chart instantiation for an additional backend domain (multi-ingress)?
 #
 # If 'true' some resources aren't created because they're expected to already
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		Enable passing cspExtraConnectSrc value to nginx-ingress-services when working with multi-ingresses (renderCSPInIngress=True). It would be required for webapp to connect to third party sft servers.