Questions tagged [content-security-policy]
25 questions
0
votes
2 answers
Setting SElinux Labels for a magento site on Centos 7
I was hoping someone could kindly help myself. I have a Magento site running on a Centos 7.6 server.
Now, the site is not correctly loading and looking in the messages.log I see numerous entries where SElinux is blocking access. I am able to…
Vaishal Patel
- 113
- 6
0
votes
3 answers
Content-Security-Policy for Exchange 2016
I would like to add Content-Security-Policy headers for Exchange 2016 for /owa and /ecp.
Being well aware that a "too restrictive" Content-Security-Policy header can break both /owa and /ecp, is there a known working least permissive set for…
shouldbeq931
- 509
- 4
- 15
0
votes
2 answers
Prevent Unjoined-to-domain computers from connecting to my network
How to prevent any computer that is not joined to the domain from requesting any service from my network? Considering that the computer is on another network.
Alaa AlHafez
- 11
- 1
- 5
0
votes
1 answer
CSP response header causes firefox to abort loading of website
only in Firefox (recent and legacy) a website of mine is answered with a status code 200 but Firefox simply aborts without any error message. The server logs also show no issue. By going through the settings I pinned it down to the CSP header.
Does…
mikeg
- 1
- 1
0
votes
0 answers
configuring content-security-policy for apache virtual hosts
I have Apache 2.4 with these sites configured in the httpd-vhosts.conf file:
DocumentRoot "c:\apache_php\sites\public"
ServerName www.mydomain.com
…
raphael75
- 133
- 2
- 10
0
votes
0 answers
Setting "Content-Security-Policy default-src https:" breaks site
I need to set the Content-Security-Policy header to allow loading scripts from any HTTPS source. When I add the following line to my nginx configuration, the look and feel of the site breaks. What am I missing?
add_header Content-Security-Policy…
electrophile
- 111
- 3
0
votes
1 answer
Cloudflare + Apache + CSP Headers: Old CSP headers are returned
We are using apache2 on our server, which is behind cloudflare (free plan).
I am currently implementing googles recaptcha, which requires me to make changes to our CSP headers.
What I did:
Change CSP in Apache
Run apachectl configtest - all…
Felix Hagspiel
- 101
- 2
0
votes
2 answers
How do I remove a HTTP header in Apache, if a certain IP access it?
How can I unset single/multiple HTTP headers when my website is accessed by a particular IP address? Because my CSP config blocks some local pages from loading properly. For example, if I have phpMyAdmin, but I cannot use it locally because CSP is…
user549144
0
votes
0 answers
Content-Security-Policy issues
I'm running NGINX as a reverse proxy and I4ve set the Content-Security-Policy header and I'm running into problems with some directives.
I get the following errors in the console:
Unrecognized Content-Security-Policy directive…
Sven Cazier
- 101
- 2
0
votes
0 answers
Why doesn't nginx proxy_hide_headers directive work in this case?
I have an nginx server block like this, and I am trying to use the proxy_hide_header directive to hide the Content-Security-Policy response header from the proxied server because I am not running an SSL server in a local environment and so the…
jonseymour
- 243
- 1
- 5
- 13