Question

3
Replies
2924
Views
Patrick Capron (PatrickC8660)
TD Bank Group
Solutions Design IT Specialist
TD Bank Group
CA
PatrickC8660 Member since 2014 26 posts
TD Bank Group
Posted: February 27, 2018
Last activity: March 1, 2018
Posted: 27 Feb 2018 14:42 EST
Last activity: 1 Mar 2018 11:11 EST
Closed
Solved

Content Security Policy - wss protocol on Self is being blocked

Hi,

We have implemented a custom CSP for our application, and for the connect-src directive, we set it to Self.

We are now seeing items being blocked and reported with a Blocked Content Source of wss://myserver.mydomain.com where myserver.mydomain.com is the same domain as the Pega instance.

We would have expected the "Self" option to match for the wss protocol as well.

If that's not the case, can we provide an "Allowed website" with a wildcard like wss://*.mydomain.com as this domain will change per environment.

Security
Moderation Team has archived post, This thread is closed to future replies. Content and links will no longer be updated. If you have the same/similar Question, please write a new Question.