Support custom Content Security Policy template

[midoxc]

To use the Parca plugin with AMG, I need to be able to add to the Content-Security-Policy used to allow connections from a custom endpoint where the parca server is deployed.

https://grafana.com/docs/grafana/latest/administration/configuration/#content_security_policy

This config would need to be exposed in some way.

[ZoneMR]

Yes, please, we wish to include external images in our dashboards and are unable to do so.

[pavolzibrita]

This would be useful! Thanks!

[sadnan1994]

We have a usecase for this as well which is blocked due to this.

[VermaPriyanka]

@sadnan1994 Can you share details of your use-case?

[rawnsley]

Hi @VermaPriyanka . We have the same requirement and a simple use case would be importing a database of user profiles and wanting to display each user's profile picture alongside their details. The profile picture may come from a 3rd party domain, which would need to be added to the CSP img-src list. This is a serious limitation for us that we were easily able to overcome on our self-hosted Grafana instance.

[LoLZeS666]

Hi @VermaPriyanka, I would also like to use the Business Forms plugin but facing the issue of not being able to execute the javascript code inside it. This was easily achieved in the self managed grafana. Can you give us a roadmap of when this might be added?

[stefan-stojanovic-s]

I have mentioned this in my issue also https://github.com/aws/amazon-managed-grafana-roadmap/issues/97

Please ! this is causing weird workarounds. In my opinion, its a bigger security risk to go through workarounds then have custom content security policies

I can give you a very good use case - there is a possibility of creating 3D IoT factory charts that is quite meaningful for anybody looking to see whats happening on factory production line.