From 0bac6cfe075b4f0281c85b4f33cdf4160d7e6ff4 Mon Sep 17 00:00:00 2001
From: Eric Lippmann
Date: Tue, 27 Jun 2023 09:40:09 +0200
Subject: [PATCH] Config: Add setting to enable strict CSP
---
 .../forms/Config/General/ApplicationConfigForm.php | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/application/forms/Config/General/ApplicationConfigForm.php b/application/forms/Config/General/ApplicationConfigForm.php
index 0e5c70028..21f76a187 100644
--- a/application/forms/Config/General/ApplicationConfigForm.php
+++ b/application/forms/Config/General/ApplicationConfigForm.php
@@ -55,6 +55,18 @@ class ApplicationConfigForm extends Form
 )
 );

+ $this->addElement(
+ 'checkbox',
+ 'security_use_strict_csp',
+ [
+ 'label' => $this->translate('Enable strict content security policy'),
+ 'description' => $this->translate(
+ 'Set whether to to use strict content security policy (CSP).'
+ . ' This setting helps to protect from cross-site scripting (XSS).'
+ )
+ ]
+ );
+
 $this->addElement(
 'text',
 'global_module_path',
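Review bot: The description of the new `security_use_strict_csp` checkbox contains a doubled word ("Set whether to to use …"), which will be carried into every translation catalogue; the first literal should read `'Set whether to use strict content security policy (CSP).'`. The element also sets no `'value'`, so the option presumably stays off until an administrator ticks it. If that opt-in default is intended, the description could say so, and could note that pages or modules depending on inline scripts or styles may need adjusting once it is enabled. This is inferred, because the code that reads the setting and emits the header is not part of this one-file patch. The enclosing method starts and ends outside the hunk.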