The following is available from CTERA Portal version 8.1.1417.12.
Content Security Policy (CSP) can help protect CTERA Portal when a secure policy is defined. The policy must prevent the execution of untrusted scripts. When CSP is enabled on the CTERA Portal, the response to every request that goes through the portal server carries a CSP with strict rules.
Note
In some cases, where the strict policy collides with GUI functionality, the CSP is less strict.
All CTERA Portal responses use a strict CSP except for the following pages, where a less strict CSP is enforced:
- /ServicesPortal/pcc-viewer-frame.html
- /staff/pcc-viewer-frame.html
- /admin/pcc-viewer-frame.html
- /invitations/pcc-viewer-frame.html
- /admin/dialog.html
- /admin/index.old.html
- /admin/setup.html
- /ServicesPortal/admin.old.html
- /ServicesPortal/dialog.html
- /admin/login.old.html
- /ServicesPortal/login.old.html
- /ServicesPortal/page.html
- /staff/dialog.html
- /staff/login.old.html
- /common/portalbeta/templates/filePreview/file.preview.print.template.tpl.html
- /admin/preview
- /ServicesPortal/preview
- /staff/preview
Enabling CSP does not require any additional CTERA resources.
Step-by-step guide
- Log in to the portal as a global administrator and enter the following URL in the address bar of the browser:
  https://<portalAddress>/admin/#/$/control-panel/view/cli
  The CLI Execution window is displayed.
- In the CLI Execution window, enter the following command:
  set /settings/contentSecurityPolicySettings/enableSecuredCspRules true
  and click GO.
- After the command is successful, restart the portal.
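To confirm the result after the restart, the following check is an added example, not CTERA code: it parses a Content-Security-Policy header value and reports the script sources that would still let untrusted script run. The page does not publish the policy strings, so the sample headers are constructed, and treating 'unsafe-inline', 'unsafe-eval', wildcards and scheme-only sources as "less strict" is an assumption.

```python
import urllib.request

# Assumed markers of a "less strict" policy; the page does not list the real ones.
WEAK_SCRIPT_SOURCES = {"'unsafe-inline'", "'unsafe-eval'", "*", "data:", "http:", "https:"}
HASH_OR_NONCE = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")

def parse_csp(header):
    """Parse a Content-Security-Policy header value into {directive: [sources]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            # A repeated directive is ignored by browsers: the first one wins.
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def script_weaknesses(header):
    """Return sorted reasons the policy fails to block untrusted script ([] if none)."""
    if not header:
        return ["no CSP header"]
    policy = parse_csp(header)
    # script-src falls back to default-src when it is absent.
    sources = policy.get("script-src", policy.get("default-src"))
    if sources is None:
        return ["no script-src or default-src"]
    lowered = [s.lower() for s in sources]
    weak = {s for s in lowered if s in WEAK_SCRIPT_SOURCES}
    # Browsers ignore 'unsafe-inline' when a nonce or hash source is present.
    if any(s.startswith(HASH_OR_NONCE) for s in lowered):
        weak.discard("'unsafe-inline'")
    return sorted(weak)

def fetch_csp(base_url, path):
    """Fetch one portal page and return its CSP header value (None if absent)."""
    with urllib.request.urlopen(base_url + path, timeout=10) as resp:
        return resp.headers.get("Content-Security-Policy")

# Constructed sample header values; the paths are taken from this page.
SAMPLES = {
    "/admin/": "default-src 'self'; script-src 'self'; object-src 'none'",
    "/admin/dialog.html": "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'",
}

if __name__ == "__main__":
    for path, header in SAMPLES.items():
        print(path, script_weaknesses(header) or "strict")
```

Against a live portal, pass the value returned by `fetch_csp("https://<portalAddress>", path)` to `script_weaknesses`; only the pages in the exception list above should report anything.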