website/docs: add CSP to hardening

[gergosimonyi]

No description provided.

[netlify]

✅ Deploy Preview for authentik-docs ready!

Name	Link
🔨 Latest commit	388ebcd
🔍 Latest deploy log	https://app.netlify.com/sites/authentik-docs/deploys/6732131ce6b71a0008d7287e
😎 Deploy Preview	https://deploy-preview-11970--authentik-docs.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[netlify]

✅ Deploy Preview for authentik-storybook ready!

Name	Link
🔨 Latest commit	388ebcd
🔍 Latest deploy log	https://app.netlify.com/sites/authentik-storybook/deploys/6732131c618f730008d7d89f
😎 Deploy Preview	https://deploy-preview-11970--authentik-storybook.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 92.64%. Comparing base (cdea9a9) to head (388ebcd).
Report is 11 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main   #11970   +/-   ##
=======================================
  Coverage   92.64%   92.64%           
=======================================
  Files         761      761           
  Lines       37813    37822    +9     
=======================================
+ Hits        35030    35042   +12     
+ Misses       2783     2780    -3     

Flag	Coverage Δ
e2e	49.31% <ø> (+0.10%)	⬆️
integration	24.91% <ø> (-0.01%)	⬇️
unit	90.15% <ø> (-0.01%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[github-actions]

authentik PR Installation instructions

Instructions for docker-compose

Add the following block to your .env file:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-6740d97b3f8f60b881d11cf1a521ab9b3c046b3b
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

For arm64, use these values:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-6740d97b3f8f60b881d11cf1a521ab9b3c046b3b-arm64
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

Afterwards, run the upgrade commands from the latest release notes.

Instructions for Kubernetes

Add the following block to your values.yml file:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
global:
    image:
        repository: ghcr.io/goauthentik/dev-server
        tag: gh-6740d97b3f8f60b881d11cf1a521ab9b3c046b3b

For arm64, use these values:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
global:
    image:
        repository: ghcr.io/goauthentik/dev-server
        tag: gh-6740d97b3f8f60b881d11cf1a521ab9b3c046b3b-arm64

Afterwards, run the upgrade commands from the latest release notes.

[tanberry]

A few editing thangs.

[tanberry]

Suggested change

	Setting up CSP incorrectly may result in the client not loading necessary third-party code.
	Setting up CSP incorrectly might result in the client not loading necessary third-party code.

[tanberry]

Suggested change

	authentik will require at least the following origins:
	authentik requires at least the following origins:

[tanberry]

Should we explain more about what an origin is? Where to define it? Do we have any links about it to link to?

[gergosimonyi]

Offline resolution: we should use the word used by the CSP spec: "location"

[tanberry]

I thought I had edited that use of "may" before, but maybe I missed this one. (We want to use "might", to imply chances, instead of "may" which implies permission. :-)