i4connected Knowledgebase 5.6

Content-Security-Policy

Abstract

This article describes the Content-Security-Policy header and explains how to configure it for your i4connected installation.

The Content-Security-Policy response header allows web site administrators to control resources the user agent is allowed to load for a given page. With a few exceptions, policies mostly involve specifying server origins and script endpoints. This helps guard against cross-site scripting attacks (XSS).

The Content-Security-Policy header can be configured in the Web.config file, under the i4connected API folder, where the system administrator can specify multiple policies for a resource. Each additional policy can only place further restrictions on the capabilities of the protected resource.
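The following check is an added example, not part of the i4connected product or its documentation. It reads the Content-Security-Policy value from a Web.config, splits it into its comma-separated policies, and shows how an additional policy narrows what the first one allows. It assumes the header is set through the standard IIS customHeaders element; the sample policy values and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample; the policy values are illustrative, not i4connected's shipped policy.
SAMPLE_WEB_CONFIG = """<configuration>
  <system.webServer>
    <httpProtocol>
      <customHeaders>
        <add name="Content-Security-Policy"
             value="default-src 'self'; script-src 'self' 'unsafe-inline', script-src 'self'; object-src 'none'" />
      </customHeaders>
    </httpProtocol>
  </system.webServer>
</configuration>"""

RISKY = {"'unsafe-inline'", "'unsafe-eval'", "*", "http:", "data:"}

def read_policies(web_config_xml):
    """Return one {directive: [sources]} dict per policy in the CSP header."""
    policies = []
    root = ET.fromstring(web_config_xml)
    for add in root.iterfind(".//httpProtocol/customHeaders/add"):
        if add.get("name", "").lower() != "content-security-policy":
            continue
        # One header value can carry several policies, separated by commas.
        for serialized in add.get("value", "").split(","):
            policy = {}
            for directive in serialized.split(";"):
                tokens = directive.split()
                if tokens:
                    # A repeated directive is ignored; the first one wins.
                    policy.setdefault(tokens[0].lower(), tokens[1:])
            if policy:
                policies.append(policy)
    return policies

def effective_sources(policy, directive):
    """Source list for script-src, object-src, etc., falling back to default-src."""
    return policy.get(directive, policy.get("default-src"))

def risky_sources(policies, directive="script-src"):
    """(policy number, source) pairs worth reviewing; None means no restriction."""
    findings = []
    for number, policy in enumerate(policies, 1):
        sources = effective_sources(policy, directive)
        findings += [(number, None)] if sources is None else [
            (number, s) for s in sources if s.lower() in RISKY]
    return findings

def permitted_by_all(policies, directive, source):
    """Simplified exact-token check: every policy must allow the source."""
    lists = [effective_sources(p, directive) for p in policies]
    return all(l is None or source in l for l in lists)
```

The token comparison in `permitted_by_all` is a simplification: nonces, hashes and host wildcards are not modelled.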

Figure: The Content-Security-Policy

Tip

For more details about the directives of the Content-Security-Policy, please also visit this article.

Important

This header should be removed from the Web.config file if the i4connected API and Portal use HTTP instead of HTTPS.