...
The Security Content Policy often referred to as Content Security Policy, is a http HTTP response header that restricts how helps you restrict which resources (JavaScript, CSS, Images, etc.) are loaded from the allowed sites. It will help This helps to mitigate some attacks of Cross Site Scripting (XSS) and data injection.
...
The default values can be overwritten by setting the configuration item security_content_policy in the configuration file, opCommon.json.
The default values include included in the source code are:
| Code Block |
|---|
"connect-src 'self' opmantek.com community.opmantek.com services.opmantek.com ws: wss: maps.google.com maps.gstatic.com; font-src 'self' fonts.gstatic.com; form-action 'self'; frame-ancestors 'none'; frame-src 'none'; manifest-src 'none'; media-src 'none'; object-src 'none'; prefetch-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' maps.googleapis.com maps.google.com; style-src 'self' fonts.googleapis.com 'unsafe-inline'; worker-src 'self';" |
...
Depending on what you need to achieve, you will need to update your configuration to include some or all of the default options as well as options specific to your environment.
For example, if you were going want to include one of the Opmantek applications in an iFrame, you would need to include directives for frame-ancestors and frame-src, e.g.
| Code Block |
|---|
frame-ancestors https://*.yourdomain.com frame-src https://*.yourdomain.com |
The total final configuration would be something like the following:
...