Documentation 8.3

Content Security Policy 

An additional security layer that helps prevent and mitigate some types of attacks, including Cross-Site Scripting (XSS).

All configurable directives can be filled in according to the source specification: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/Sources#sources

Configurable Properties

 

Directive default_src

 

The default-src directive serves as a fallback for the other CSP fetch directives. For each missing directive, the user agent looks up the default-src directive and uses its value.

 

Name: DirectiveDefault_Src
Code: DEFAULT_SRC
Configuration Levels:
  Installation: Yes
  Application: No
  Organizational Unit: No
  User: No
Dynamic: Yes
Encrypted: No
Default Value: (empty)

Directive style_src

 

The directive specifies valid sources for style sheets. If this directive is absent, the user agent will look for the default-src directive. One or more sources are allowed for the style-src directive.

 

Name: DirectiveStyle_Src
Code: STYLE_SRC
Configuration Levels:
  Installation: Yes
  Application: No
  Organizational Unit: No
  User: No
Dynamic: Yes
Encrypted: No
Default Value: (empty)

Directive font_src

 

The directive specifies valid sources for the loaded text fonts. If this directive is absent, the user agent will look for the default-src directive. One or more sources are allowed for the font-src directive.

 

Name: DirectiveFont_Src
Code: FONT_SRC
Configuration Levels:
  Installation: Yes
  Application: No
  Organizational Unit: No
  User: No
Dynamic: Yes
Encrypted: No
Default Value: (empty)

Directive script_src

 

The directive specifies valid JavaScript sources. If this directive is absent, the user agent will look for the default-src directive. One or more sources are allowed for the script-src directive.

 

Name: DirectiveScript_Src
Code: SCRIPT_SRC
Configuration Levels:
  Installation: Yes
  Application: No
  Organizational Unit: No
  User: No
Dynamic: Yes
Encrypted: No
Default Value: (empty)

Directive img_src

 

The directive specifies valid image sources. If this directive is absent, the user agent will look for the default-src directive. One or more sources are allowed for the img-src directive.

 

Name: DirectiveImg_Src
Code: IMG_SRC
Configuration Levels:
  Installation: Yes
  Application: No
  Organizational Unit: No
  User: No
Dynamic: Yes
Encrypted: No
Default Value: data

Directive frame_src

 

The directive specifies valid sources for loading nested browsing contexts using elements like <frame> and <iframe>. One or more sources are allowed for the frame-src directive.

 

Name: DirectiveFrame_Src
Code: FRAME_SRC
Configuration Levels:
  Installation: Yes
  Application: No
  Organizational Unit: No
  User: No
Dynamic: Yes
Encrypted: No
Default Value: (empty)

Directive frame_ancestors_src

 

The directive specifies valid sites that can embed the Deyel portal using <frame>, <iframe>, <object>, <embed> or <applet>. It differs from the frame-src directive in that the latter specifies where iframes in the Deyel portal can be loaded from. One or more sources are allowed for the frame-ancestor-src directive.

 

Name: DirectiveFrame_ancestors_Src
Code: FRAME_ANCESTORS_SRC
Configuration Levels:
  Installation: Yes
  Application: No
  Organizational Unit: No
  User: No
Dynamic: Yes
Encrypted: No
Default Value: (empty)

Directive form_action_src

 

The directive determines the URLs that can be used from Deyel as the destination of HTML <form> tags. One or more sources are allowed for the form-action-src directive.

 

Name: DirectiveForm_action_Src
Code: FORM_ACTION_SRC
Configuration Levels:
  Installation: Yes
  Application: No
  Organizational Unit: No
  User: No
Dynamic: Yes
Encrypted: No
Default Value: *.google.com

Directive connect_src

 

The directive determines the URLs that can be loaded via script interfaces. The APIs restricted by the directive are: <a> ping, fetch(), XMLHttpRequest, WebSocket, EventSource and Navigator.sendBeacon(). If this directive is absent, the user agent will look for the default-src directive. One or more sources are allowed for the connect-src directive.

 

Name: DirectiveConnect_Src
Code: CONNECT_SRC
Configuration Levels:
  Installation: Yes
  Application: No
  Organizational Unit: No
  User: No
Dynamic: Yes
Encrypted: No
Default Value: https://www.cloudflare.com/cdn-cgi/trace data
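The fallback rule described in the directive sections above, as an added example that is not Deyel's code: it assembles a header value from the property codes on this page and computes which source list a browser enforces for each directive. The mapping of property codes to CSP directive names, the `'self'` value for DEFAULT_SRC and all function names are assumptions; under the CSP specification, frame-ancestors and form-action do not fall back to default-src.

```javascript
// Added example; the code-to-directive mapping and header assembly are
// assumptions, not Deyel's implementation.
const DIRECTIVE_FOR = {
  DEFAULT_SRC: "default-src", STYLE_SRC: "style-src", FONT_SRC: "font-src",
  SCRIPT_SRC: "script-src", IMG_SRC: "img-src", FRAME_SRC: "frame-src",
  FRAME_ANCESTORS_SRC: "frame-ancestors", FORM_ACTION_SRC: "form-action",
  CONNECT_SRC: "connect-src",
};
// These two never fall back to default-src: when unset, CSP restricts nothing.
const NO_FALLBACK = new Set(["frame-ancestors", "form-action"]);
// Scheme names; CSP reads "data" as a host and "data:" as the scheme.
const SCHEMES = new Set(["data", "blob", "http", "https", "ws", "wss"]);

// Build a header value from property values; empty properties emit nothing.
function buildPolicy(props) {
  return Object.entries(DIRECTIVE_FOR)
    .filter(([code]) => (props[code] || "").trim() !== "")
    .map(([code, name]) => `${name} ${props[code].trim().split(/\s+/).join(" ")}`)
    .join("; ");
}

// Parse a header value into Map(directive -> source list); first duplicate wins.
function parsePolicy(header) {
  const policy = new Map();
  for (const part of header.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name && !policy.has(name.toLowerCase())) policy.set(name.toLowerCase(), sources);
  }
  return policy;
}

// Source list the browser enforces for a directive, or null if unrestricted.
function effectiveSources(header, directive) {
  const policy = parsePolicy(header);
  if (policy.has(directive)) return policy.get(directive);
  if (NO_FALLBACK.has(directive)) return null;
  const chain = directive === "frame-src" ? ["child-src", "default-src"] : ["default-src"];
  const hit = chain.find((d) => policy.has(d));
  return hit ? policy.get(hit) : null;
}

// Sources that name a scheme but lack the trailing colon.
const missingColon = (sources) => sources.filter((s) => SCHEMES.has(s.toLowerCase()));

// Default values listed on this page, plus a constructed DEFAULT_SRC.
const SAMPLE = { DEFAULT_SRC: "'self'", IMG_SRC: "data", FORM_ACTION_SRC: "*.google.com",
  CONNECT_SRC: "https://www.cloudflare.com/cdn-cgi/trace data" };
const HEADER = buildPolicy(SAMPLE);
for (const d of ["script-src", "img-src", "frame-src", "frame-ancestors"])
  console.log(d, "->", effectiveSources(HEADER, d));
```

With the default `data` listed for IMG_SRC and CONNECT_SRC, `missingColon` flags that token; how Deyel renders the stored value into the header is not stated on the page, so compare against the response header the portal actually sends.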
