The Content Security Policy Module allows a content security policy to be managed via the Kentico administration. For more details on Content Security Policy, please visit https://developer.mozilla.org/en-US/docs/Web/Security/CSP.
A Content Security Policy is an HTTP header that tells the browser which resources are allowed on the page. It is a whitelist of permitted resources, grouped by type (style, script, etc.).
Once installed, go to the Kentico Administration => Settings => Security => Content Security Policy to manage the settings.
By default, the settings are set to ‘report only’. This will build up a report of violations into the Content Security Policy Violation Reports application in Kentico. Browse the website while in this mode to build up a list of warnings that can then be used to update the content security policy to match the requirements of your website.
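As an added illustration (not part of the module or of the original page), the following Python code shows how violation reports gathered in report-only mode can be condensed into a candidate policy. It assumes the reports are available in the standard `csp-report` JSON shape that browsers send; the sample reports, hostnames and function names are constructed for the example, and how the module stores or exports its reports is not covered here.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample reports in the standard "csp-report" shape (not real data).
SAMPLE_REPORTS = [
    {"csp-report": {"document-uri": "https://www.example.test/", "effective-directive": "script-src",
                    "blocked-uri": "https://cdn.example.net/lib/app.js"}},
    {"csp-report": {"document-uri": "https://www.example.test/news", "violated-directive": "style-src 'self'",
                    "blocked-uri": "https://fonts.example.org/css?family=X"}},
    {"csp-report": {"document-uri": "https://www.example.test/", "effective-directive": "img-src",
                    "blocked-uri": "data"}},
    {"csp-report": {"document-uri": "https://www.example.test/", "effective-directive": "script-src",
                    "blocked-uri": "inline"}},
    {"csp-report": {"document-uri": "https://www.example.test/", "effective-directive": "script-src",
                    "blocked-uri": "https://cdn.example.net/lib/other.js"}},
]

def origin(url):
    """Return scheme://host[:port] for an absolute URL, else None."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}" if parts.scheme and parts.netloc else None

def summarise(reports):
    """Return (candidate sources per directive, violations needing manual review)."""
    sources, review = defaultdict(set), defaultdict(set)
    for item in reports:
        r = item.get("csp-report", item)
        # Older browsers only send violated-directive, which includes the source list.
        directive = r.get("effective-directive") or r.get("violated-directive", "").split(" ")[0]
        blocked = r.get("blocked-uri", "")
        if not directive:
            continue
        if blocked in ("inline", "eval"):
            # Never auto-allow: 'unsafe-inline' / 'unsafe-eval' remove most of CSP's XSS protection.
            review[directive].add(blocked)
        elif blocked in ("data", "blob"):
            sources[directive].add(blocked + ":")
        elif origin(blocked):
            same = origin(blocked) == origin(r.get("document-uri", ""))
            sources[directive].add("'self'" if same else origin(blocked))
        else:
            review[directive].add(blocked or "(empty)")
    return sources, review

def policy_string(sources):
    """Render the candidate sources as a CSP header value, one origin per distinct host."""
    return "; ".join(f"{d} {' '.join(sorted(s))}" for d, s in sorted(sources.items()))

if __name__ == "__main__":
    srcs, todo = summarise(SAMPLE_REPORTS)
    print(policy_string(srcs))
    print({d: sorted(v) for d, v in todo.items()})
```

Entries returned in the review set (inline scripts, `eval`) are better resolved by changing the page than by loosening the policy, and every third-party origin in the candidate list should be confirmed as expected before it is allowed.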
The content security policy for the Kentico administration interface is set up separately. The default allows the administration to work but can be overridden by creating an AppSetting in the web.config called "Crafted:ContentSecurityPolicy:AdminCSP" set to "true".
In the case where the site becomes unresponsive due to the Content Security Policy being applied, you can disable the module by creating another AppSetting in the web.config called "Crafted:ContentSecurityPolicy:Enabled" set to "false".
- Content security policies can break your site. It is advised to be familiar with content security policies when installing the module. In addition, you should always try out the module first in a test environment before applying it to a production environment.
- Crafted accepts no liability for your use of the module.
- Installation in the root directory is necessary in order for the module to work properly.
For more information, please visit our website: https://www.crafted.co.uk/csp