Expected Behaviour:
When browsing to custom host name for my pihole admin interface mypihole.mydomain.com/admin/groups-clients.php the page will load as normal without errors.
Lists of groups, clients, domains, and ad-lists appear as expected.
Actual Behaviour:
When browsing to custom host name for my pihole admin interface mypihole.mydomain.com/admin/groups-clients.php the page encounters a content security policy error as the default content security policy is:
"Content-Security-Policy" => "default-src 'self' 'unsafe-inline';"
This prevents lists of groups, clients, domains, and ad-lists from l oading.
How I resolved the issue
I added the following option to my lighttpd config:
setenv.add-response-header = ("Content-Security-Policy" => "default-src 'self, mypihole.mydomain.com'; 'unsafe-inline',)
If there is a better way to solve this issue, I was unable to find it after reading the documentation located at: https://docs.pi-hole.net
I also spent time searching the general web before just finding out what http server pihole uses and editing the config.
Why i needed this
Instead of operating a full-featured VPN, or even manging local dns records, I leverage cloudflare tunnels to enable zero trust access to my admin panel for pihole.