  • Nikhil 54 posts 166 karma points
    Mar 04, 2020 @ 10:22
    Nikhil
    0

    Umbraco v8 - Breaks when "Content-Security-Policy" is added to web.config. Require an acceptable policy.

    I added:

    <add name="Content-Security-Policy" value="default-src 'self'; script-src 'self' https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com; style-src-elem 'self' 'unsafe-inline' https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com; font-src 'self' https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com;" />
    

    I had to add 'unsafe-inline' which defeats the whole purpose.

    Umbraco v8 would not work as a lot of CDN content is used in Umbraco.

    Is there any acceptable "Content-Security-Policy" for Umbraco v8 that works?

  • Jeavon Leopold 3074 posts 13632 karma points MVP 11x admin c-trib
    Mar 04, 2020 @ 12:59
    Jeavon Leopold
    0

    Either create a different policy for the Umbraco path or don't have a CSP for the umbraco path at all.

    e.g.

    <location path="umbraco">
        <system.webServer>
            <urlCompression doStaticCompression="false" doDynamicCompression="false" dynamicCompressionBeforeCache="false" />
            <httpProtocol>
                <customHeaders>
                    <remove name="Content-Security-Policy" />
                </customHeaders>
            </httpProtocol>
        </system.webServer>
    </location>
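
The first option in the reply above, a different policy for the Umbraco path rather than none, written out as a web.config layout. This is an added example, not part of the thread: the site-wide value is the question's policy with 'unsafe-inline' dropped, the backoffice value is the question's policy as posted, and whether that relaxed value covers everything the backoffice loads is an assumption.

```xml
<!-- Added example, not from the thread. Both policy values are derived from
     the header in the question; that the relaxed one is sufficient for the
     Umbraco backoffice is an assumption to verify in the browser console. -->
<configuration>
  <system.webServer>
    <httpProtocol>
      <customHeaders>
        <!-- Site-wide (front end): the question's policy without 'unsafe-inline'.
             style-src-elem is omitted, so it falls back to style-src. -->
        <add name="Content-Security-Policy" value="default-src 'self'; script-src 'self' https://cdnjs.cloudflare.com; style-src 'self' https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com; font-src 'self' https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com;" />
      </customHeaders>
    </httpProtocol>
  </system.webServer>

  <location path="umbraco">
    <system.webServer>
      <httpProtocol>
        <customHeaders>
          <!-- The header is inherited from the root section, so it must be
               removed before it is re-added; a second add with the same
               name is rejected as a duplicate collection entry. -->
          <remove name="Content-Security-Policy" />
          <!-- Backoffice only: the relaxed policy exactly as posted in the question. -->
          <add name="Content-Security-Policy" value="default-src 'self'; script-src 'self' https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com; style-src-elem 'self' 'unsafe-inline' https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com; font-src 'self' https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com;" />
        </customHeaders>
      </httpProtocol>
    </system.webServer>
  </location>
</configuration>
```

Sending the backoffice value under the header name `Content-Security-Policy-Report-Only` first lets the browser console list what it would block without breaking the backoffice.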
    