Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 Akshay Garg (AkshayG2)
Expedia

Expedia
IN
AkshayG2 Member since 2014 7 posts
Expedia
Posted: Feb 22, 2018
Last activity: Feb 23, 2018
Posted: 22 Feb 2018 1:54 EST
Last activity: 23 Feb 2018 5:29 EST
Closed

Can we add security headers like Content-Security-Policy in PRPC 5.5 running on Tomcat

Hi,

Can we add security headers like Content-Security-Policy in PRPC 5.5 running on Tomcat?

Thanks!

To see attachments, please log in.
Security

Posted: 7 years ago
Updated: 7 years ago
Posted: 22 Feb 2018 4:07 EST
Updated: 22 Feb 2018 4:37 EST
Ujjwal Kumar Shukla (UjjwalShukla_GCS)
PEGA
Senior Manager, Technical Support, Stability and Reliability
Pegasystems Inc.
IN

Hi Akshay,

https://collaborate.pega.com/question/content-security-policy-headers-response

Above should help you in how to do it. However I think CSP header support began with IE 10.

Thanks,
Ujjwal

To see attachments, please log in.
Posted: 7 years ago
Posted: 22 Feb 2018 16:24 EST
Brad Tainter (Br@dTainter_GCS)
PEGA
Fellow, Technical Support, Platform Service
Pegasystems Inc.
US

Hi Akshay,

CSP isn't supported in Pega 7 until version 7.1.6.  As such, for your 5.5SP1 version, there is nothing available to define the headers.  If you review the following document, it describes how you can set the header via your webserver:  https://content-security-policy.com/​  Go to the bottom of the page and look for Apache Content-Security-Policy Header

To see attachments, please log in.
Posted: 7 years ago
Posted: 23 Feb 2018 5:29 EST
Akshay Garg (AkshayG2)
Expedia

Expedia
IN

Thanks Brad. Link you shared was helpful. Since our application is built on 5.5 version and it is supported on IE only. 

However CSP is not supported in IE yet so it seems we won't be able to proceed further.

Thanks again.

To see attachments, please log in.

Related content:

Related content has not currently been identified for this post.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice