Enable Content Security Policy (CSP)
- 1 Minute to read
- Print
- PDF
Enable Content Security Policy (CSP)
- 1 Minute to read
- Print
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
The following is available from CTERA Portal version 8.1.1417.12.
From Content Security Policy (CSP) can help protect CTERA Portal when a secure policy is defined. The policy must prevent the execution of untrusted scripts using CSP. When CSP is enabled on the CTERA Portal, every request that goes through the portal server has a CSP with strict rules.
Note
In some cases, where strict is colliding with GUI functionalities, the CSP is less strict.
All CTERA Portal responses use a strict CSP except for the following pages, where a less strict CSP is enforced:
- /ServicesPortal/pcc-viewer-frame.html
- /staff/pcc-viewer-frame.html
- /admin/pcc-viewer-frame.html
- /invitations/pcc-viewer-frame.html
- /admin/dialog.html
- /admin/index.old.html
- /admin/setup.html,
- /ServicesPortal/admin.old.html
- /ServicesPortal/dialog.html
- /admin/login.old.html
- /ServicesPortal/login.old.html
- ServicesPortal/page.html
- staff/dialog.html
- staff/login.old.html
- /common/portalbeta/templates/filePreview/file.preview.print.template.tpl.html
- /admin/preview
- /ServicesPortal/preview
- /staff/preview
Enabling CSP does not require any addition CTERA resources.
Step-by-step guide
- Log in to the portal as a global administrator and enter the following URL in the address bar of the browser:
https://<portalAddress>/admin/#/$/control-panel/view/cli
The CLI Execution window is displayed. - In the CLI Execution window, enter the following command:
set /settings/contentSecurityPolicySettings/enableSecuredCspRules true
and click GO. - After the command is successful, restart the portal.
Was this article helpful?