Jump to: navigation, search

Content Security Policy

Header Value

All server responses contains a Content-Security-Policy header. In configurations with Single Sign On (SSO) disabled its value is:

default-src 'self'; img-src 'self' data:

In configurations with SSO enabled, the value is:

default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline';

Notes

  • 'unsafe-inline' is required by third-party libraries.

Feedback

Comment on this article:

blog comments powered by Disqus
This page was last modified on December 19, 2017, at 03:03.