Enable Content Security Policy (CSP)
  • 1 Minute to read
  • PDF

Enable Content Security Policy (CSP)

  • PDF

Article summary

The following is available from CTERA Portal version 8.1.1417.12.

From Content Security Policy (CSP) can help protect CTERA Portal when a secure policy is defined. The policy must prevent the execution of untrusted scripts using CSP. When CSP is enabled on the CTERA Portal, every request that goes through the portal server has a CSP with strict rules.

Note

In some cases, where strict is colliding with GUI functionalities, the CSP is less strict.

All CTERA Portal responses use a strict CSP except for the following pages, where a less strict CSP is enforced:

  • /ServicesPortal/pcc-viewer-frame.html
  • /staff/pcc-viewer-frame.html
  • /admin/pcc-viewer-frame.html
  • /invitations/pcc-viewer-frame.html
  • /admin/dialog.html
  • /admin/index.old.html
  • /admin/setup.html,
  • /ServicesPortal/admin.old.html
  • /ServicesPortal/dialog.html
  • /admin/login.old.html
  • /ServicesPortal/login.old.html
  • ServicesPortal/page.html
  • staff/dialog.html
  • staff/login.old.html
  • /common/portalbeta/templates/filePreview/file.preview.print.template.tpl.html
  • /admin/preview
  • /ServicesPortal/preview
  • /staff/preview

Enabling CSP does not require any addition CTERA resources.

Step-by-step guide

  1. Log in to the portal as a global administrator and enter the following URL in the address bar of the browser: https://<portalAddress>/admin/#/$/control-panel/view/cli
    The CLI Execution window is displayed.
  2. In the CLI Execution window, enter the following command: set /settings/contentSecurityPolicySettings/enableSecuredCspRules true and click GO.
  3. After the command is successful, restart the portal.

Was this article helpful?