[ES-2916] fixed ui rendering and biometric login issue caused by csp header (#1675)

[sacrana0]

Summary by CodeRabbit

Configuration

• Updated Content-Security-Policy to enable integration with Google services and MOSIP network resources
• Enhanced image handling with support for data-based sources and expanded network connectivity
• Enabled inline styling capabilities for improved UI rendering and component compatibility
• Improved local development environment accessibility with direct connection support

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 3af04a0f-1bd3-49f1-92df-1b20cd224290

📥 Commits

Reviewing files that changed from the base of the PR and between 2d73039 and d6eb2e6.

📒 Files selected for processing (2)

• helm/oidc-ui/templates/configmap.yaml
• oidc-ui/nginx/nginx.conf

---

Walkthrough

The pull request expands the Content-Security-Policy (CSP) in nginx configuration to permit additional content sources, including external Google services, data URIs for images, and localhost connections. The same changes are applied to both the Helm template and the nginx configuration file.

Changes

Cohort / File(s)	Summary
Content Security Policy Expansion helm/oidc-ui/templates/configmap.yaml, oidc-ui/nginx/nginx.conf	Updated CSP directives: added 'unsafe-inline' to style-src; expanded img-src to include data: and https://*.mosip.net; added script-src, frame-src, and connect-src directives to allow Google services and localhost connections.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related PRs

• [ES-2916] fixed ui rendering and biometric login issue caused by csp header #1675: Modifies identical CSP directives (style-src, img-src, script-src, frame-src, connect-src) in nginx configuration with the same policy expansions.

Suggested reviewers

• ase-101

Poem

🐰 Through gates of policy, wide and fair,
The rabbit hops with utmost care,
Google scripts and images bloom,
Localhost whispers in the room,
Security loosens—review with thought! 🔐

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly addresses the main change: relaxing CSP headers to fix UI rendering and biometric login issues. It clearly identifies the problem (CSP header) and the solution (fixed), matching the file changes.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}