Configuring content security policy headers for browser based security for Mid Tier


The Content Security Policy (CSP) is a security standard that modern browsers support to prevent malicious content from being loaded in your application. CSP restricts the sources from which content, such as scripts, images, stylesheets, and other resources, can be loaded. By configuring the CSP header, administrators can improve the overall security of applications built using the BMC Helix Innovation Suite.

BMC Helix Innovation Suite supports the following directives in the CSP header, as defined in the Content Security Policy (CSP) Quick Reference Guide at http://content-security-policy.com/:

  • object-src
  • script-src
  • style-src
  • img-src
  • font-src
  • connect-src
  • media-src
  • base-uri
  • form-action
  • worker-src

To manage the CSP settings

  1. In a browser, open the AR System Administration Console, and click System > General > Centralized Configuration.
  2. Configure the arsystem.security.csp.directives CCS parameter. For more details, see Configuration settings A-B.

Important: Clear the browser cache after updating the CSP settings to ensure that the browser applies the latest configuration.
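Before setting the arsystem.security.csp.directives parameter, it helps to check the policy string for directives outside the supported list above and for source expressions that weaken the policy. The following is an added example, not BMC's code; it assumes the parameter takes a standard "directive sources; directive sources" CSP string, which is an assumption about the value syntax, not something this page states.

```python
# Added example (not BMC code): audit a CSP directive string of the kind an
# administrator would place in arsystem.security.csp.directives.
# Assumption: the value uses standard CSP syntax, clauses separated by ";".
from typing import Dict, List

# The directives this page lists as supported by BMC Helix Innovation Suite.
SUPPORTED_DIRECTIVES = {
    "object-src", "script-src", "style-src", "img-src", "font-src",
    "connect-src", "media-src", "base-uri", "form-action", "worker-src",
}

# Source expressions that weaken a policy for any directive.
WEAK_SOURCES = {"'unsafe-inline'", "'unsafe-eval'", "*"}
# data: URLs are particularly dangerous where code or plugins load from them.
CODE_DIRECTIVES = {"script-src", "object-src"}


def parse_csp(policy: str) -> Dict[str, List[str]]:
    """Split a CSP string into {directive: [sources]}; names are case-insensitive."""
    directives: Dict[str, List[str]] = {}
    for clause in policy.split(";"):
        tokens = clause.split()
        if not tokens:
            continue  # tolerate empty clauses and a trailing semicolon
        name, sources = tokens[0].lower(), tokens[1:]
        if name in directives:
            continue  # browsers keep the first occurrence of a repeated directive
        directives[name] = sources
    return directives


def audit_csp(policy: str) -> List[str]:
    """Return a list of findings; an empty list means no issue was found."""
    findings: List[str] = []
    parsed = parse_csp(policy)
    for name, sources in parsed.items():
        if name not in SUPPORTED_DIRECTIVES:
            findings.append(f"{name}: not in the supported directive list")
        for src in sources:
            if src in WEAK_SOURCES:
                findings.append(f"{name}: weak source {src}")
            elif src == "data:" and name in CODE_DIRECTIVES:
                findings.append(f"{name}: weak source data:")
    if "object-src" not in parsed:
        findings.append("object-src: missing (set to 'none' to block plugins)")
    return findings
```

Run audit_csp on the intended value and resolve every finding before saving the parameter; the directive names are lower-cased on parse, so the capitalised spellings used in the list above are accepted.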


BMC Helix Innovation Suite 26.1