You can configure the Content-Security-Police HTTP header through the API in the Program.cs file of the ASP.NET Core Renderer or via the backend UI, through the Advanced settings.
Program.cs
RECOMMENDATION: We recommend configuring the header via the API, because you have more configuration options.
When you create directives using the backend UI, you do not need to build and deploy your renderer application. This option is suitable for content editors when they need to quickly allow an external source.
Perform the following:
EXAMPLE: To add a particular website as a secure source, modify the section in the following way:
For more information, see CSP header syntax reference.
Increase your Sitefinity skills by signing up for our free trainings. Get Sitefinity-certified at Progress Education Community to boost your credentials.
This free lesson teaches administrators, marketers, and other business professionals how to use the Integration hub service to create automated workflows between Sitefinity and other business systems.
This free lesson teaches administrators the basics about protecting yor Sitefinity instance and its sites from external threats. Configure HTTPS, SSL, allow lists for trusted sites, and cookie security, among others.
The free on-demand video course teaches developers how to use Sitefinity .NET Core and leverage its decoupled architecture and new way of coding against the platform.
To submit feedback, please update your cookie settings and allow the usage of Functional cookies.
Your feedback about this content is important