Topic: Content Security Policy - "unsafe-inline" / "

apishdad
Joined: 01 Jul 2019 Posts: 44 Location: Canada, Toronto
Posted: Wed 17 Feb '21 5:36 Post subject: Content Security Policy - "unsafe-inline" / "

We are trying to secure our Apache servers using Content Security Policy as stated here:
https://content-security-policy.com/
The problem is that the back end application that is running behind the Apaches is an old application and as soon as we put "unsafe-inline" and "unsafe-eval" in the header the GUI messes up and all kinds of errors happen in the application.
The vendor says that the scope of change is huge for them and we need to have "unsafe-inline" and "unsafe-eval" in the header for the application to run.
We are in a dilemma. What are some of the alternate ways that we can secure our site?
Thanks for your input.

James Blond Moderator
Joined: 19 Jan 2006 Posts: 7373 Location: Germany, Next to Hamburg
Posted: Wed 17 Feb '21 9:41 Post subject:

It is a bit tricky to set that up. I use a generator for that: https://www.cspisawesome.com/
Open the inspection tools of your browser and look in the console for what is being blocked. Then you can use the generator to have the correct headers for your site.
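
The reply above suggests reading what the browser blocks and building the header from that. The same step can be automated from CSP violation reports, so that `'unsafe-inline'` and `'unsafe-eval'` are granted only to the directives that need them while the rest of the policy stays strict. This is an added example, not code from the thread or from either site linked in it; it assumes Chromium-style `blocked-uri` values in the report-uri JSON format, and the sample reports, the baseline policy and the host `cdn.example` are constructed.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: bodies in the JSON shape browsers POST to a report-uri endpoint.
SAMPLE_REPORTS = [
    '{"csp-report": {"effective-directive": "script-src-elem", "blocked-uri": "inline"}}',
    '{"csp-report": {"effective-directive": "script-src", "blocked-uri": "eval"}}',
    '{"csp-report": {"violated-directive": "style-src-attr", "blocked-uri": "inline"}}',
    '{"csp-report": {"violated-directive": "img-src \'self\'", '
    '"blocked-uri": "https://cdn.example/logo.png"}}',
]
# Hypothetical starting policy; directives the reports never mention stay strict.
BASELINE = {"default-src": ["'self'"], "object-src": ["'none'"],
            "base-uri": ["'self'"], "frame-ancestors": ["'self'"]}

def source_for(blocked_uri):
    """Map a report's blocked-uri to a CSP source (Chromium-style values assumed)."""
    if blocked_uri in ("inline", "eval"):
        return f"'unsafe-{blocked_uri}'"
    if blocked_uri in ("data", "blob"):
        return blocked_uri + ":"
    parts = urlsplit(blocked_uri)
    if parts.scheme in ("http", "https") and parts.netloc:
        return f"{parts.scheme}://{parts.netloc}"  # allow the origin, not the full path
    return None  # unrecognised value: leave it for manual review

def build_policy(reports, baseline=BASELINE):
    policy = {name: list(sources) for name, sources in baseline.items()}
    for body in reports:
        report = json.loads(body)["csp-report"]
        name = (report.get("effective-directive") or report["violated-directive"]).split()[0]
        if name.endswith(("-elem", "-attr")):  # fold script-src-elem etc. into the parent
            name = name[:-5]
        source = source_for(report.get("blocked-uri", ""))
        if source is None:
            continue
        # A directive absent from the baseline inherits default-src before being widened.
        sources = policy.setdefault(name, list(policy["default-src"]))
        if "'none'" in sources:
            sources.remove("'none'")
        if source not in sources:
            sources.append(source)
    return "; ".join(f"{name} {' '.join(sources)}" for name, sources in policy.items())

def apache_header(policy):
    """Render the policy as a mod_headers directive for the Apache configuration."""
    return f'Header always set Content-Security-Policy "{policy}"'

if __name__ == "__main__":
    print(apache_header(build_policy(SAMPLE_REPORTS)))
```

With the sample reports, only `script-src` and `style-src` are widened, while `object-src`, `base-uri` and `frame-ancestors` keep their restrictive values.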
apishdad
Joined: 01 Jul 2019 Posts: 44 Location: Canada, Toronto
Posted: Fri 19 Feb '21 5:03 Post subject:

Thanks James, I really appreciate your help and the link you provided.