Headers middleware: support Content-Security-Policy-Report-Only

docs/content/middlewares/http/headers.md

@@ -394,6 +394,10 @@ This overrides the `BrowserXssFilter` option.
 
 The `contentSecurityPolicy` option allows the `Content-Security-Policy` header value to be set with a custom value.
 
+### `contentSecurityPolicyReportOnly`
+
+The `contentSecurityPolicyReportOnly` option allows the `Content-Security-Policy-Report-Only` header value to be set with a custom value.
+
 ### `publicKey`
 
 The `publicKey` implements HPKP to prevent MITM attacks with forged certificates.

docs/content/reference/dynamic-configuration/docker-labels.yml

@@ -55,6 +55,7 @@
 - "traefik.http.middlewares.middleware12.headers.allowedhosts=foobar, foobar"
 - "traefik.http.middlewares.middleware12.headers.browserxssfilter=true"
 - "traefik.http.middlewares.middleware12.headers.contentsecuritypolicy=foobar"
+- "traefik.http.middlewares.middleware12.headers.contentsecuritypolicyreportonly=foobar"
 - "traefik.http.middlewares.middleware12.headers.contenttypenosniff=true"
 - "traefik.http.middlewares.middleware12.headers.custombrowserxssvalue=foobar"
 - "traefik.http.middlewares.middleware12.headers.customframeoptionsvalue=foobar"

docs/content/reference/dynamic-configuration/file.toml

@@ -198,6 +198,7 @@
         browserXssFilter = true
         customBrowserXSSValue = "foobar"
         contentSecurityPolicy = "foobar"
+        contentSecurityPolicyReportOnly = "foobar"
         publicKey = "foobar"
         referrerPolicy = "foobar"
         permissionsPolicy = "foobar"

docs/content/reference/dynamic-configuration/file.yaml

@@ -242,6 +242,7 @@ http:
         browserXssFilter: true
         customBrowserXSSValue: foobar
         contentSecurityPolicy: foobar
+        contentSecurityPolicyReportOnly: foobar
         publicKey: foobar
         referrerPolicy: foobar
         permissionsPolicy: foobar

docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml

@@ -1309,6 +1309,10 @@ spec:
                     description: ContentSecurityPolicy defines the Content-Security-Policy
                       header value.
                     type: string
+                  contentSecurityPolicyReportOnly:
+                    description: ContentSecurityPolicyReportOnly defines the Content-Security-Policy-Report-Only
+                      header value.
+                    type: string
                   contentTypeNosniff:
                     description: ContentTypeNosniff defines whether to add the X-Content-Type-Options
                       header with the nosniff value.

docs/content/reference/dynamic-configuration/kv-ref.md

@@ -71,6 +71,7 @@ THIS FILE MUST NOT BE EDITED BY HAND
 | `traefik/http/middlewares/Middleware12/headers/allowedHosts/1` | `foobar` |
 | `traefik/http/middlewares/Middleware12/headers/browserXssFilter` | `true` |
 | `traefik/http/middlewares/Middleware12/headers/contentSecurityPolicy` | `foobar` |
+| `traefik/http/middlewares/Middleware12/headers/contentSecurityPolicyReportOnly` | `foobar` |
 | `traefik/http/middlewares/Middleware12/headers/contentTypeNosniff` | `true` |
 | `traefik/http/middlewares/Middleware12/headers/customBrowserXSSValue` | `foobar` |
 | `traefik/http/middlewares/Middleware12/headers/customFrameOptionsValue` | `foobar` |

docs/content/reference/dynamic-configuration/traefik.io_middlewares.yaml

@@ -585,6 +585,10 @@ spec:
                     description: ContentSecurityPolicy defines the Content-Security-Policy
                       header value.
                     type: string
+                  contentSecurityPolicyReportOnly:
+                    description: ContentSecurityPolicyReportOnly defines the Content-Security-Policy-Report-Only
+                      header value.
+                    type: string
                   contentTypeNosniff:
                     description: ContentTypeNosniff defines whether to add the X-Content-Type-Options
                       header with the nosniff value.