Bug with CSP - doesn't allow more than 255 chars

We are struggling with content-security-policy realm setting not allowing us to put anything above 255 chars in there. This is obviously very low for a non-default CSP, and should be considered an architectural error on the Keycloak side.

The following error is thrown when we try to go above 255 chars:

**Error!** javax.persistence.PersistenceException: org.hibernate.exception.DataException: could not execute statement

My assumption is, it is happening because the database entry for CSP has value of type varchar(255).
Is there a way to patch/workaround this without consequences?


That’s correct. There is a size limit on that DB field which is causing the exception. We ran into the same thing. However, it is possible to put the CSP in the body of the HTML:

<meta http-equiv="Content-Security-Policy" content="..."/>

We implemented a login theme which just overrides the default Keycloak theme and then added the meta tag to the template.ftl file.

@xgp thanks, this seems to be a very elegant solution.
Does it actually override the default realm CSP in this case?

Yes and no. For security reasons, the meta tag can only make the policy more strict, not to relax the policy defined in the headers. So you will have to set the header CSP in the Admin UI to the minimum you want, and then add additional policy restrictions in the meta tag.