Configuring content security policy headers for browser-based security for AR System servers
Content Security Policy (CSP) is a standard that modern browsers enforce: the server sends a Content-Security-Policy response header that declares the origins from which the browser may load scripts, styles, images, and other resources, and the browser refuses to load anything the policy does not allow. Enabling the CSP header helps mitigate cross-site scripting (XSS) and other content-injection attacks, because a script that an attacker injects into a page is blocked unless it comes from an allowed source. Since the policy restricts where resources are loaded from, configure its directives to match your UI customizations and third-party integrations; a resource that the policy does not permit is blocked, not loaded.
BMC Helix Innovation Suite supports the following CSP directives, as defined in the Content Security Policy (CSP) Quick Reference Guide at http://content-security-policy.com/:
- object-src: sources for plugin content loaded through <object> and <embed>
- script-src: sources for JavaScript
- style-src: sources for stylesheets
- img-src: sources for images
- font-src: sources for web fonts
- connect-src: endpoints that page scripts may connect to (fetch, XMLHttpRequest, WebSocket, EventSource)
- media-src: sources for <audio>, <video>, and <track> content
- base-uri: URLs permitted in the document's <base> element
- form-action: URLs that forms may submit to
- worker-src: sources for Worker, SharedWorker, and ServiceWorker scripts
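The following is an added example, not code from BMC or from this documentation: a small audit routine that parses a Content-Security-Policy header value into the directives listed above and flags settings that undo the XSS protection the header is meant to provide (missing or permissive object-src, 'unsafe-inline' without a nonce or hash, 'unsafe-eval', wildcard or scheme-only sources, plaintext hosts, unset base-uri or form-action). The two sample policies are constructed for illustration only; they are not the AR System default values, and the host names and nonce value in them are placeholders. Run it with Node.js against the header your server actually returns to see which directives need tightening before you rely on the policy.

```javascript
// Added example (not BMC's code): parse a Content-Security-Policy header value
// into its directives and flag settings that weaken the protection described
// above. The two sample policies are constructed for illustration; they are not
// the AR System defaults, and the host names and nonce value are placeholders.

// The directives the page lists as supported by BMC Helix Innovation Suite.
const SUPPORTED_DIRECTIVES = [
  'object-src', 'script-src', 'style-src', 'img-src', 'font-src',
  'connect-src', 'media-src', 'base-uri', 'form-action', 'worker-src',
];

// Parse "name src src; name src ..." into a Map of directive name -> source list.
// Browsers honour only the first occurrence of a duplicated directive, so we do too.
function parseCsp(headerValue) {
  const directives = new Map();
  for (const part of headerValue.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// A nonce or hash source makes a CSP level 3 browser ignore 'unsafe-inline' in
// the same directive, so inline code then runs only when it carries the nonce/hash.
function hasNonceOrHash(sources) {
  return sources.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s));
}

// Return an array of findings; an empty array means no weakness was detected.
function auditCsp(headerValue) {
  const csp = parseCsp(headerValue);
  const fallback = csp.get('default-src');
  const findings = [];

  for (const name of SUPPORTED_DIRECTIVES) {
    let sources = csp.get(name);
    if (sources === undefined) {
      // base-uri and form-action never inherit from default-src; the fetch
      // directives do (worker-src's longer fallback chain is simplified here).
      if (name === 'base-uri' || name === 'form-action' || fallback === undefined) {
        findings.push(`${name}: not set`);
        continue;
      }
      sources = fallback;
    }
    const lower = sources.map((s) => s.toLowerCase());

    if (name === 'object-src' && !(lower.length === 1 && lower[0] === "'none'")) {
      findings.push("object-src: should be 'none'; plugin content is a classic script-src bypass");
    }
    if ((name === 'script-src' || name === 'style-src') &&
        lower.includes("'unsafe-inline'") && !hasNonceOrHash(lower)) {
      findings.push(`${name}: 'unsafe-inline' without a nonce or hash permits injected inline code`);
    }
    if (name === 'script-src' && lower.includes("'unsafe-eval'")) {
      findings.push("script-src: 'unsafe-eval' lets injected strings reach eval()/Function()");
    }
    for (const src of lower) {
      if (src === '*' || src === 'https:' || src === 'http:') {
        findings.push(`${name}: source "${src}" allows any origin`);
      } else if (src.startsWith('http://')) {
        findings.push(`${name}: plaintext source "${src}" can be tampered with in transit`);
      } else if (src === 'data:' && (name === 'script-src' || name === 'object-src')) {
        findings.push(`${name}: data: URIs let an attacker inline arbitrary content`);
      }
    }
  }
  return findings;
}

// Constructed sample policies (placeholders, not AR System defaults).
const WEAK_POLICY =
  "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; " +
  "style-src 'self' 'unsafe-inline'; img-src *; connect-src 'self' http://reports.example.internal";

const HARDENED_POLICY =
  "default-src 'self'; object-src 'none'; script-src 'self' 'nonce-r4nd0mV4lu3'; " +
  "style-src 'self'; img-src 'self' data:; font-src 'self'; " +
  "connect-src 'self' https://api.example.internal; media-src 'self'; " +
  "base-uri 'self'; form-action 'self'; worker-src 'self'";

for (const [label, policy] of [['weak', WEAK_POLICY], ['hardened', HARDENED_POLICY]]) {
  const findings = auditCsp(policy);
  console.log(`${label}: ${findings.length} finding(s)`);
  for (const f of findings) console.log(`  - ${f}`);
}
```

The weak policy illustrates why the default-src fallback is not enough: object-src inherits 'self', which still lets a plugin object from the application's own origin run, and base-uri and form-action are left unset because they never inherit at all. The hardened policy shows the shape that passes every check: an explicit object-src 'none', a nonce instead of 'unsafe-inline' for scripts, and every listed directive set explicitly. Replace the placeholder hosts with the origins your customizations and integrations actually load from, and feed the routine the live header value rather than these samples.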
To manage the CSP settings
Review the following procedures to enable or customize CSP headers for your application:
- To enable all supported CSP headers with their default values, set the Enable-CSP-Header CCS parameter. For more information, see Configuration settings E-M.
- To configure custom values for specific CSP directives in addition to the default values, see Configuration settings C-D.
- To add CSP configuration settings in Centralized Configuration, see Updating configuration settings by using the AR System Configuration Generic UI form.