Question
How to enable the Content Security Policy for Release?
Answer
This is a new feature available from Release version 23.1.0. It is enabled in xl-release.conf (under xl.server.http).
It is disabled by default.
Steps to Follow
- Edit <Release_Home>/conf/xl-release.conf and add the following under xl.server.http:
Sample Snippet:
xl.server.http {
  csp {
    enabled = true
    policyDirectives = "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' app.pendo.io pendo-io-static.storage.googleapis.com cdn.pendo.io pendo-static-5636088155078656.storage.googleapis.com data.pendo.io code.jquery.com; style-src 'self' 'unsafe-inline' app.pendo.io cdn.pendo.io pendo-static-5636088155078656.storage.googleapis.com; font-src 'self' data: blob: 'unsafe-inline'; img-src 'self' data: blob: app.pendo.io cdn.pendo.io pendo-static-5636088155078656.storage.googleapis.com data.pendo.io; connect-src 'self' app.pendo.io data.pendo.io pendo-static-5636088155078656.storage.googleapis.com; frame-src 'self' app.pendo.io; frame-ancestors 'self' app.pendo.io; child-src 'self' app.pendo.io;"
  }
}
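Before pasting a policy into policyDirectives, it helps to see which third-party origins each directive trusts and whether script-src carries weakening keywords. The following is an added example, not part of the product documentation; the function names are hypothetical and the policy string is the one from the sample snippet above.

```python
# Added example (not from the product documentation): audit a CSP string
# before pasting it into policyDirectives in xl-release.conf.

# The policy from the sample snippet above, split only for readability.
POLICY = (
    "default-src 'self'; "
    "script-src 'self' 'unsafe-inline' 'unsafe-eval' app.pendo.io "
    "pendo-io-static.storage.googleapis.com cdn.pendo.io "
    "pendo-static-5636088155078656.storage.googleapis.com data.pendo.io code.jquery.com; "
    "style-src 'self' 'unsafe-inline' app.pendo.io cdn.pendo.io "
    "pendo-static-5636088155078656.storage.googleapis.com; "
    "font-src 'self' data: blob: 'unsafe-inline'; "
    "img-src 'self' data: blob: app.pendo.io cdn.pendo.io "
    "pendo-static-5636088155078656.storage.googleapis.com data.pendo.io; "
    "connect-src 'self' app.pendo.io data.pendo.io "
    "pendo-static-5636088155078656.storage.googleapis.com; "
    "frame-src 'self' app.pendo.io; frame-ancestors 'self' app.pendo.io; "
    "child-src 'self' app.pendo.io;"
)

def parse_csp(policy):
    """Return {directive: [sources]}; a repeated directive is ignored, as browsers do."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives

def external_hosts(directives):
    """Map each directive to the host sources it trusts (not keywords or schemes)."""
    hosts = {}
    for name, sources in directives.items():
        found = sorted(s for s in sources if not s.startswith("'") and not s.endswith(":"))
        if found:
            hosts[name] = found
    return hosts

def weak_script_keywords(directives):
    """Keywords that let injected script run; script-src falls back to default-src."""
    sources = directives.get("script-src", directives.get("default-src", []))
    return sorted(k for k in ("'unsafe-inline'", "'unsafe-eval'") if k in sources)

if __name__ == "__main__":
    parsed = parse_csp(POLICY)
    print("weak script-src keywords:", weak_script_keywords(parsed))
    for directive, hosts in external_hosts(parsed).items():
        print(f"{directive}: {', '.join(hosts)}")
```

For the sample policy this reports both 'unsafe-inline' and 'unsafe-eval' in script-src, which means the policy does not stop injected inline script; review the listed hosts and keywords against what your installation actually loads before enabling it.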