Question

9
Replies
4508
Views
KyraT490 Member since 2016 2 posts
Atos
Posted: 3 years ago
Last activity: 2 years 11 months ago
Closed
Solved

Content Security Policy headers in response

After configuring my application to use a certain Content Security Policy I expect the CSP headers (Content-Security-Policy, X-Content-Security-Policy and X-Webkit-CSP) to be part of every document/xhr response I get from Pega. However, quite a number of (mostly document) reponses do not contain these headers. I haven't figured out a pattern yet, but I'm wondering:

Is there a reason for this behavior? Is there a way to change the behavior so the CSP headers are always part of the response?

***Updated by moderator: Lochan to add SR details***

**Moderation Team has archived post**

This post has been archived for educational purposes. Contents and links will no longer be updated. If you have the same/similar question, please write a new post.

Security SR Created
Moderation Team has archived post
Share this page LinkedIn