The custom-backend and backend policies is currently tied to fixed backend paths (starting with /neos).
Custom backend-like routes (e.g. /monocle) can’t reuse it without patching.
Making the URI matching for custom-backend and backend configurable would allow applying the existing backend CSP to custom paths.
Possible configuration:
Flowpack:
ContentSecurityPolicy:
policies:
custom-backend:
matchUris:
- '^/monocle(/.*)?$'
The
custom-backendandbackendpolicies is currently tied to fixed backend paths (starting with/neos).Custom backend-like routes (e.g.
/monocle) can’t reuse it without patching.Making the URI matching for
custom-backendandbackendconfigurable would allow applying the existing backend CSP to custom paths.Possible configuration: