PatrickC8660 Member since 2014 24 posts
TD Bank Group
Posted: February 27, 2018
Last activity: March 1, 2018
Closed
Solved

Content Security Policy - wss protocol on Self is being blocked

Hi,

We have implemented a custom CSP for our application, and for the connect-src directive, we set it to Self.

We are now seeing items being blocked and reported with a Blocked Content Source of wss://myserver.mydomain.com where myserver.mydomain.com is the same domain as the Pega instance.

We would have expected the "Self" option to match for the wss protocol as well.

If that's not the case, can we provide an "Allowed website" with a wildcard like wss://*.mydomain.com, as this domain will change per environment?

Security
Moderation Team has archived post
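An added example, not part of the original post or of Pega's code: CSP Level 2 defines 'self' as an exact scheme/host/port match with the page's origin, while CSP Level 3 also lets it match a wss: URL on the same host. The functions below evaluate both rules, plus a `wss://*.mydomain.com` host-source, against the blocked URL from the post; function names and URL paths are assumptions made for illustration.

```javascript
// Added illustration of the CSP source-matching rules relevant to the post.
// Hostnames are the placeholders from the post; paths are constructed.
const DEFAULT_PORT = { 'http:': '80', 'https:': '443', 'ws:': '80', 'wss:': '443' };
const portOf = (u) => u.port || DEFAULT_PORT[u.protocol];

// 'self' under CSP Level 2: scheme, host and port must all equal the page's.
function selfMatchesLevel2(pageUrl, targetUrl) {
  const p = new URL(pageUrl), t = new URL(targetUrl);
  return p.protocol === t.protocol && p.hostname === t.hostname && portOf(p) === portOf(t);
}

// 'self' under CSP Level 3: additionally accepts an upgrade to a secure scheme
// on the same host, when ports are equal or both are scheme defaults.
function selfMatchesLevel3(pageUrl, targetUrl) {
  if (selfMatchesLevel2(pageUrl, targetUrl)) return true;
  const p = new URL(pageUrl), t = new URL(targetUrl);
  const portsOk = portOf(p) === portOf(t) || (p.port === '' && t.port === '');
  const schemeOk = t.protocol === 'https:' || t.protocol === 'wss:' ||
    (p.protocol === 'http:' && t.protocol === 'ws:');
  return p.hostname === t.hostname && portsOk && schemeOk;
}

// Host-source with an explicit scheme, e.g. "wss://*.mydomain.com".
// Assumption: scheme-less expressions are not handled here and return false.
function hostSourceMatches(expr, targetUrl) {
  const m = /^([a-z][a-z0-9+.-]*):\/\/(\*\.)?([a-z0-9.-]+)(?::(\d+|\*))?$/i.exec(expr);
  if (!m) return false;
  const [, scheme, wildcard, host, port] = m;
  const t = new URL(targetUrl);
  const s = scheme.toLowerCase() + ':';
  // Level 3 scheme-part upgrades: http->https, ws->wss/http/https, wss->https.
  const upgrades = { 'http:': ['https:'], 'ws:': ['wss:', 'http:', 'https:'], 'wss:': ['https:'] };
  if (s !== t.protocol && !(upgrades[s] || []).includes(t.protocol)) return false;
  const h = host.toLowerCase();
  // "*.mydomain.com" matches subdomains only, never the bare domain.
  if (wildcard ? !t.hostname.endsWith('.' + h) : t.hostname !== h) return false;
  if (port === undefined) return t.port === ''; // no port in expr: default port only
  return port === '*' || port === portOf(t);
}

const page = 'https://myserver.mydomain.com/prweb';   // constructed path
const socket = 'wss://myserver.mydomain.com/push';    // constructed path
console.log("'self' (Level 2):", selfMatchesLevel2(page, socket));
console.log("'self' (Level 3):", selfMatchesLevel3(page, socket));
console.log('wss://*.mydomain.com:', hostSourceMatches('wss://*.mydomain.com', socket));
```

A browser applying the Level 2 rule reports the violation described in the post; the wildcard host-source matches under either rule, but only for subdomains on the default wss port.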