Question
Scotiabank
Posted: June 11, 2020
Last activity: July 24, 2020
Application's Content Security Policy
What is the impact on the Out of the Box functionalities of using the "pxDefaultSecured" Policy combined with "Reject & Report" Mode in Pega Platform 7.4 and "Customer Service for Financial Services 7.4"?
***Edited by Moderator Marissa to update Support Case Details***
To elaborate on the above question a little:
During one of the Security Scans of our application, we got the following comment from the system:
"Insufficient Content Security Policy – While the application implements a Content Security Policy (CSP), this policy is exceptionally lax and provides little to no protection. If the application is opened in modern browsers, including Edge, the policy also allows the application to be loaded into an IFRAME overruling other security headers."
Any help in this regard is appreciated.
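
Added example, not part of the original post and not Pega code: a small Python audit of a response's headers for the two weaknesses the scan comment names, lax script sources and a `frame-ancestors` directive that, in browsers supporting it, takes precedence over `X-Frame-Options`. The header values are constructed samples and do not reproduce the contents of "pxDefaultSecured"; the function names are hypothetical.

```python
# Added example: audits constructed response headers, not Pega's actual policy text.
LAX_SCRIPT = {"*", "http:", "https:", "data:", "'unsafe-inline'", "'unsafe-eval'"}
LAX_FRAME = {"*", "http:", "https:"}

def parse_csp(header):
    """Return {directive: [sources]}; a repeated directive is ignored, as browsers do."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() not in policy:
            # Lowercased for keyword matching only; nonce/hash values are not compared.
            policy[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    return policy

def audit(headers):
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    if "content-security-policy" not in h:
        return ["no enforced CSP header"]
    policy = parse_csp(h["content-security-policy"])
    findings = []
    # script-src falls back to default-src when absent.
    script = policy.get("script-src", policy.get("default-src"))
    if script is None:
        findings.append("scripts unrestricted: no script-src or default-src")
    else:
        lax = set(script) & LAX_SCRIPT
        # Browsers ignore 'unsafe-inline' when a nonce or hash source is present.
        if any(s.startswith(("'nonce-", "'sha")) for s in script):
            lax.discard("'unsafe-inline'")
        if lax:
            findings.append("lax script sources: " + " ".join(sorted(lax)))
    xfo = h.get("x-frame-options", "").strip().upper()
    frame = policy.get("frame-ancestors")
    if frame is None:
        # frame-ancestors does not fall back to default-src.
        if xfo not in ("DENY", "SAMEORIGIN"):
            findings.append("framing unrestricted: no frame-ancestors, no X-Frame-Options")
    elif set(frame) & LAX_FRAME:
        note = "frame-ancestors allows any origin"
        if xfo in ("DENY", "SAMEORIGIN"):
            note += ", overriding X-Frame-Options: " + xfo
        findings.append(note)
    return findings

# Constructed sample headers: a lax policy and a tightened one.
LAX = {"Content-Security-Policy": "default-src * 'unsafe-inline' 'unsafe-eval'; frame-ancestors *",
       "X-Frame-Options": "SAMEORIGIN"}
TIGHT = {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'self'"}
print(audit(LAX), audit(TIGHT))
```

Running the same check against the headers captured from the application in "Reject & Report" mode shows which of these findings a given policy would clear before it is rolled out.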