Configuring content security policy headers for browser based security
The Content Security Policy (CSP) is a security standard that modern browsers support to prevent malicious content from being loaded in your application. CSP restricts the sources from which content, such as scripts, images, stylesheets, and other resources, can be loaded. By configuring the CSP header, administrators can improve the overall security of applications built using the BMC Helix Innovation Suite.
BMC Helix Innovation Suite supports the following CSP Headers, as defined in the Content Security Policy (CSP) Quick Reference Guide at http://content-security-policy.com/ -
- Object-Src
- Script-Src
- Style-Src
- Img-src
- Font-src
- Connect-src
- Media-src
- Base-uri
- Form-action
- Worker-src
To manage the CSP settings
Review the following procedures to enable or customize CSP headers for your application:
- To enable all supported CSP headers with their default values, see Configuration settings E-M.
- To configure custom values for specific CSP directives in addition to the default values, see Configuration settings C-D.
- To add CSP configuration settings in Centralized Configuration, see Updating configuration settings by using the AR System Configuration Generic UI form.
Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*