Question

10
Replies
4071
Views
Close popover
Dyan Baur (DyanG412)
Hawaii Medical Service Association

Hawaii Medical Service Association
US
View Profile Send Message
DyanG412 Member since 2013 212 posts
Hawaii Medical Service Association
Posted: February 11, 2016
Last activity: June 26, 2017
Closed
Solved

How do we resolve, "This application's Content Security Policy on the Integration tab has been left blank. It is recommended to use a default policy or create your own prior to migrating to a production environment."?

This is information warning in application rule.

Close popover
Moderation Team has archived post,
Close popover This thread is closed to future replies. Content and links will no longer be updated. If you have the same/similar Question, please write a new Question.
Posted: 5 years ago
Close popover
Murali Kakarla (Muralik7)
Infosys

Infosys
AU
View Profile Send Message

Did you try setting Policy name and mode on Integration & Security tab on Application rule form? Following is the screenshot from 7.1.7

     AUT01.png    

Murali...

Posted: 5 years ago
Close popover
Matthew Morency (morem)
PEGA
Principal Platform Security Engineer
Pegasystems Inc.
US
View Profile Send Message

I am assuming that the application in question is going to be used in production.  If so, I would encourage you to develop a customized content security policy rather than using pxDefaultAllowAll to make the warning go away.  A content security policy will help to reduce your exposure to a variety of security threats by limiting the content in your application to only the sources that you white list. 

Posted: 5 years ago
Close popover
Dyan Baur (DyanG412)
Hawaii Medical Service Association

Hawaii Medical Service Association
US
View Profile Send Message

hi Matthew,

is there any more details about the content security policy that i can refer ?

Posted: 3 years ago
Close popover
Geeta Ramani (GeetaRamani7)
StratosphereTC
Senior Consultant
StratosphereTC
US
View Profile Send Message

Hi Matt,

Ours is a 7.1.5 application. Can you tell us how we can create a Content Security Policy in Pega 7.1.5?


 


Many thanks in advance!


Geeta

Posted: 3 years ago
Close popover
Abhijith Kolanakuduru (Abhijith_CLSA62)
Telstra
Feature Team Lead, E-BPM
Telstra
AU
View Profile Send Message

Assuming most of the Pega Apps are in internal network, it'd be nice to know which OOTB Content Security Policy rule we can use so that we don't have to customize.

Posted: 3 years ago
Close popover
Brad Tainter (Br@dTainter_GCS)
PEGA
Client Solutions Fellow
Pegasystems Inc.
US
View Profile Send Message

Hi Abhijith,


Pega 7 comes with 2 Content Security Policies out of the box:  pxDefaultAllowAll and pxDefaultSecured.  You can open up those rules and review the policies in place for each.  On the application rule you can defined to reject and report or report only.  You may consider setting the policy to report only for each to see what the headers that get specified are on the response.  Then you can review and determine which on to put in place.  https://pdn.pega.com/sites/pdn.pega.com/files/help_v722/procomhelpmain.htm#rule-/rule-access-/rule-access-csp/definition.htm
Share this page Share via LinkedIn Copying...
Copied!