Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 Aradhana Mukherjee (AradhanaM)
HCL
Aradhana Mukherjee
HCL
RO
AradhanaM Member since 2015 1 post
HCL
Posted: Jan 27, 2022
Last activity: Jan 27, 2022
Posted: 27 Jan 2022 2:31 EST
Last activity: 27 Jan 2022 6:33 EST
Closed

Settings options of Content Security Policy in Application Tab

In the Application rule's security tab there are two options(radio button) for security policy a. Reject and Report b. Report Only.

 

Can anyone let me know the significance of these both. (after selecting Reject and Report I was not able to load the first screen after log-in)

 

In our current application(upgraded recetly to Pega8.6) we are making changes in Script-Sources (only selecting Self and Data) and Frame-Ancestors (selecting Self ) by saving as Pega provided security policy pxDefaultAllowAll (which has Allow-all selected ) in order to prevent Potential ClickJacking and Insecure CSP Configuration.

To see attachments, please log in.
Pega Platform 8.6
Pega Express
Communications and Media
Team Lead

Posted: 3 years ago
Posted: 27 Jan 2022 6:33 EST
Himanshu Negi (HNegi)
Coforge DPA
SENIOR TECHNOLOGY SPECIALIST
Coforge DPA
IN

@AradhanaM The value selected for Mode of content security policy derives whether to enforce the policy, or to merely report usage of the policy:

  • Reject and report – Enforce the policy
  • Report only – Report, but do not enforce the policy

also refer to article https://academy.pega.com/topic/content-security-policies/v3

 

To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice