ContentSecurityPolicy
The Content-Security-Policy HTTP header to add to the response for View actions where NoACI is set to True and where StripScript is set to True.
By default, when StripScript is enabled, IDOL View Component adds the following HTTP headers to prevent Web browsers from running any scripts embedded in the HTML:
Content-Security-Policy: script-src 'none';
X-Content-Security-Policy: sandbox
This configuration parameter allows you to modify the value of the Content-Security-Policy header.
To remove the header, set ContentSecurityPolicy to a whitespace value. Removing the Content-Security-Policy header also removes the X-Content-Security-Policy header. You cannot modify the X-Content-Security-Policy header, except to remove it.
| Type: | String |
| Default: | script-src 'none'; |
| Required: | No |
| Configuration Section: | Viewing |
| Example: | ContentSecurityPolicy=default-src 'none'; |
| See Also: | StripScript; View action StripScript parameter |
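
Because this parameter replaces the default policy, a custom value can silently re-enable script execution in viewed documents. The following is an added example, not part of the IDOL documentation: a Python check that a candidate ContentSecurityPolicy value still stops browsers from running scripts before it goes into the Viewing section. The function names and the sample values marked as constructed are assumptions made for illustration.

```python
def parse_csp(value):
    """Parse a CSP header value into {directive: [source expressions]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if not tokens:
            continue
        # Per the CSP specification, a repeated directive is ignored.
        policy.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
    return policy


def _effective(policy, name):
    """Resolve a script directive through its fallback chain."""
    for key in (name, "script-src", "default-src"):
        if key in policy:
            return policy[key]
    return None  # nothing governs scripts, or the header was removed


def blocks_scripts(value):
    """Return True if the policy stops inline and external scripts."""
    policy = parse_csp(value)
    # A sandbox directive without allow-scripts disables script execution.
    if "sandbox" in policy and "allow-scripts" not in policy["sandbox"]:
        return True
    for name in ("script-src-elem", "script-src-attr"):
        sources = _effective(policy, name)
        # Only an empty list or a lone 'none' matches no script source.
        if sources is None or sources not in ([], ["'none'"]):
            return False
    return True


# Candidate values for ContentSecurityPolicy.
CANDIDATES = [
    "script-src 'none';",                     # default from this page
    "default-src 'none';",                    # example from this page
    " ",                                      # whitespace: header removed
    "default-src 'none'; script-src 'self'",  # constructed: override
    "script-src 'none'; script-src-elem https://cdn.example",  # constructed
]


def unsafe_values(candidates):
    """Return the candidate values that would let scripts run."""
    return [c for c in candidates if not blocks_scripts(c)]


if __name__ == "__main__":
    for value in unsafe_values(CANDIDATES):
        print("scripts not blocked by ContentSecurityPolicy=%r" % value)
```
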