JillHaria Member since 2014 6 posts
CAPGEMINI
Posted: 8 months ago
Last activity: 8 months 1 week ago

Content Security Policy

Hi,

We have implemented a custom CSP rule for our application. In the CSP rule there is no option to implement prefetch-src as 'self'. Where should this be implemented?

I have tried to implement it in the response header, and it gives me the warning below:

The Content-Security-Policy directive 'prefetch-src' is implemented behind a flag which is currently disabled.

Also, CSP headers are not a part of the response on the login screen. If CSP is added in the response header, will it be overridden by the CSP rule defined at the application level once logged in? How can this be configured?

Regards,

Jill Haria
