Description:
It would be nice to have a field in the Morpheus UI or option in morpheus.rb file to able able to add extra FQDN’s/CNAMEs for the Nginx “location /seets/ { add_header Content-Security-Policy }” directive. As it is currently, if you use a DNS Alias to point to your Morpheus instance, a small section of items get blocked by CSP. Mainly it’s the logo displayed to users to the left of the Login options since the URL shifts to the main value configured in Morpheus after login:
/storage/logos/uploads/ApplianceInstance/1/loginLogo/2_normal.png’ because it violates the following Content Security Policy directive: “default-src ‘self’ https://www.gstatic.com *.githubusercontent.com data: blob: ws: wss:”. Note that ‘img-src’ was not explicitly set, so ‘default-src’ is used as a fallback.
I did check the Advanced morpheus.rb Settings — Morpheus Docs documentation list but didn’t see this as an option.
Example/Use case(s):
An example use case would be adding a user friendly name such as “manage.example.org” to the morpheus.rb that is then added to the Content-Security-Policy, so the logo next to the Login options isn’t blocked by CSP when the appliance has an “official” Host record configured but you setup a CNAME or CNAMEs to make it easier for end users.