I want to integrate a cookie banner (permit/deny/...) in the login screen of Keycloak. The Keycloak login screen is the first page a user gets to see and Keycloak already wants to set cookies.
Therefore I need to include a JS like <script id="..." src="https://the-service-provider/the-script.js" data-cbid="..." data-blockingmode="auto" type="text/javascript"></script>
.
I tried to adapt the template.ftl
in my Keycloak Theme, but this gave me the error
Refused to frame 'https://the-service-provider/' because it violates the following Content Security Policy directive: "frame-src 'self'".
Can I change the Content-Security-Policy in Keycloak? Or is there a better way to add the JS?
I already found out how to change the Content-Security-Policy in Keycloak.
Realm Settings -> Security Defenses -> Content-Security-Policy
Here I changed the value to frame-src 'self' https://the-service-provider; frame-ancestors 'self'; object-src 'none';