ContentSecurityPolicy

The value of the Content-Security-Policy HTTP header that IDOL View Component adds to the response for View actions where NoACI is set to True and where StripScript is set to True.

By default, when StripScript is enabled, IDOL View Component adds the following HTTP headers to prevent Web browsers from running any scripts embedded in the HTML:

Content-Security-Policy: script-src 'none';
X-Content-Security-Policy: sandbox

This configuration parameter allows you to modify the value of the Content-Security-Policy header.

To remove the header, set ContentSecurityPolicy to a whitespace value. Removing the Content-Security-Policy header also removes the X-Content-Security-Policy header. You cannot modify the X-Content-Security-Policy header, except to remove it.

Type: String
Default: script-src 'none';
Required: No
Configuration Section: Viewing
Example: ContentSecurityPolicy=default-src 'none';
See Also: StripScript
View action StripScript parameter
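
The following is an added example, not part of the product documentation: a Python check for reviewing a proposed ContentSecurityPolicy value before it is deployed. It models the header behaviour described above (a whitespace value removes both headers) and applies standard CSP parsing and fallback rules to report whether the policy still blocks scripts; the function names are hypothetical.

```python
DEFAULT_CSP = "script-src 'none';"  # documented default for ContentSecurityPolicy


def parse_policy(policy):
    """Parse one serialized CSP into {directive: [sources]}; the first duplicate wins."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives


def policy_blocks_scripts(policy):
    """True if this single policy prevents both script elements and inline handlers."""
    d = parse_policy(policy)
    # A sandbox directive without allow-scripts disables script execution.
    if "sandbox" in d and "allow-scripts" not in [s.lower() for s in d["sandbox"]]:
        return True
    for name in ("script-src-elem", "script-src-attr"):
        # CSP fallback chain: specific directive, then script-src, then default-src.
        chain = (name, "script-src", "default-src")
        sources = next((d[k] for k in chain if k in d), None)
        # Only an empty list or a lone 'none' matches nothing; 'none' mixed with
        # other sources is ignored by browsers.
        if sources is None or [s.lower() for s in sources] not in ([], ["'none'"]):
            return False
    return True


def review_setting(value=DEFAULT_CSP):
    """Return (headers expected on the response, whether the CSP blocks scripts).

    Assumption: the configured value is emitted unchanged as the header value.
    """
    if not value.strip():
        # Whitespace value: both headers are removed, so no CSP protection remains.
        return {}, False
    headers = {
        "Content-Security-Policy": value,
        "X-Content-Security-Policy": "sandbox",  # cannot be modified, only removed
    }
    # Comma-separated policies are all enforced, so one blocking policy is enough.
    return headers, any(policy_blocks_scripts(p) for p in value.split(","))


if __name__ == "__main__":
    for candidate in (DEFAULT_CSP, "default-src 'none';", " ", "default-src 'none'; script-src 'self'"):
        print(repr(candidate), review_setting(candidate))
```

The documented example value `default-src 'none';` still blocks scripts through fallback, whereas a value that adds `script-src 'self'` or removes the header does not.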