Allow configurable connect-src in CSP settings to address proxy and file upload issues #3644

Open
agatha197 opened this issue Feb 10, 2025 — with Lablup-Issue-Syncer · 0 comments

Problem Description

Several users have reported issues related to proxy connections not working and file uploads failing within our web application. After an initial investigation, it appears that these problems might be stemming from restrictive Content Security Policy (CSP) settings, specifically the connect-src directive which controls which URLs the app can connect to.

Proposed Solution

To address this issue and provide a more flexible web security configuration, it is proposed to make the connect-src directive in the CSP settings configurable through environmental settings. This would allow administrators to adjust the policy to accommodate different deployment scenarios, such as allowing connections to specific proxies or enabling file uploads to certain domains.

Expected Benefits

  • Flexibility: Administrators will have the ability to tailor the CSP settings to their specific needs, enhancing the applicability of our web application across various environments.
  • Enhanced Functionality: By configuring the connect-src directive to allow specific connections, we can resolve the issues related to proxy connections and file uploads, improving the overall user experience.
  • Security: Making connect-src configurable doesn't compromise security as administrators can set strict policies according to their security requirements.
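
One way the validation behind such a setting could look, as an added example that is not part of the original issue or the project's own code. The variable name `CSP_CONNECT_SRC_EXTRA`, the TLS-only scheme list and the always-present `'self'` are assumptions of this example.

```python
import os
import re

# Hypothetical setting name; the issue does not name one.
ENV_VAR = "CSP_CONNECT_SRC_EXTRA"

# Assumption of this example: only TLS schemes are accepted.
SCHEME_SOURCE = re.compile(r"(?:https|wss):")
HOST_SOURCE = re.compile(
    r"(?:(?:https|wss)://)?"                        # optional scheme
    r"(?:\*\.)?[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*"   # host, optional leading "*." label
    r"(?::\d{1,5})?"                                # optional port
    r"(?:/[A-Za-z0-9._~/-]*)?"                      # optional path
)


def parse_connect_src(raw):
    """Validate a space-separated list of extra connect-src sources."""
    sources = []
    for token in raw.split():
        # Bare "*", quoted keywords, other schemes and any ";" or "," fail
        # here, so the value cannot widen the policy or add a directive.
        if not (SCHEME_SOURCE.fullmatch(token) or HOST_SOURCE.fullmatch(token)):
            raise ValueError(f"rejected connect-src source: {token!r}")
        sources.append(token)
    return sources


def connect_src_directive(environ=os.environ):
    """Return the connect-src directive; 'self' is always kept."""
    extras = parse_connect_src(environ.get(ENV_VAR, ""))
    return " ".join(["connect-src", "'self'", *extras])


if __name__ == "__main__":
    # Constructed sample value, not taken from the issue.
    sample = {ENV_VAR: "https://upload.example.com wss://*.proxy.example.com:10200"}
    print(connect_src_directive(sample))
```

Failing at startup on a rejected value keeps a mistyped or overly broad entry from being served in the header.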