Jump to content

Content Security Policy Header


MarkLince

Recommended Posts

Hi,

 

With ISAPI ap, can anyone tell me how to set Content Security Policy Header for UNIgui?

 

I have tried to set this in IIS 8 using the Header Response but no matter what options I set, my ap stops loading (loading....)

 

Thanks in advance.

Mark

Link to comment
Share on other sites

  • Administrators

Hi,

 

You can add a custom meta tag to SeverModule->CustomMeta. However, it is very likely that your uniGUI web app will not load because CSP highly restricts execution of dynamic java script code. uniGUI apps need to dynamically execure JS code. You may find a correct receipt that will work with uniGUI, but it may take several trial and error attempts.

  • Like 1
Link to comment
Share on other sites

  • 2 weeks later...
  • 2 years later...
  • 2 years later...
  • 1 year later...
On 7/14/2022 at 9:50 AM, bbm said:

Hi,

any solution for that?

Best regards

on procedure TUniServerModule.UniGUIServerModuleHTTPCommand(

add 

//https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-src
  AResponseInfo.CustomHeaders.AddValue('Content-Security-Policy', 'frame-src ''none''; object-src ''none''; ');

please share result !

 

Link to comment
Share on other sites

×
×
  • Create New...