Posted: 11 Feb 2016 15:22 EST Last activity: 26 Jun 2017 9:17 EDT
How do we resolve, "This application's Content Security Policy on the Integration tab has been left blank. It is recommended to use a default policy or create your own prior to migrating to a production environment."?
I am assuming that the application in question is going to be used in production. If so, I would encourage you to develop a customized content security policy rather than using pxDefaultAllowAll to make the warning go away. A content security policy will help to reduce your exposure to a variety of security threats by limiting the content in your application to only the sources that you white list.
Content Security Policy was not introduced in Pega until 7.1.6. I would suggest that you look at this reference for adding a policy via your load balancer or web server: https://content-security-policy.com/