Question

3
Replies
937
Views
Close popover
Jill Haria (JillHaria)
CAPGEMINI

CAPGEMINI
IN
JillHaria Member since 2014 6 posts
CAPGEMINI
Posted: January 13, 2020
Last activity: January 16, 2020
Closed

Content Security Policy

Hi,

We have implemented custom CSP rule for our application. In CSP rule there is no option to implement prefetch-src as 'self' . Where should this be implemented ?

I have tried to implement it in response header and it gives me a warning as below:

The Content-Security-Policy directive 'prefetch-src' is implemented behind a flag which is currently disabled.

Also CSP headers are not a part of response on the login screen, and if CSP is added in response header will it be overridden by the CSP rule defined at application level once logged in. How can this be configured?

Regards,

Jill Haria

Pega Academy
Moderation Team has archived post