
Content security policy

The Content Security Policy (CSP) is a set of directives that tell the user's browser which locations an application can load resources from. These locations are given as URL schemes, and an asterisk (*) represents all URLs. Each directive governs a specific resource type that affects what is displayed in a browser. Collectively, the directives are sent to the client in the Content-Security-Policy HTTP header. Each browser type and version obeys as much of the policy as it can. If a browser does not understand a directive, the browser ignores that directive; otherwise, the browser follows it explicitly.

Configuring CSP for Legacy Webchat

Configure the CSP directives so that browsers load resources only from authorized websites.

Create your content security policy. For more information, see Creating a content security policy.

  1. In the Dev Studio header, click the application, and then click Definition.

  2. On your application page, click the Security tab.

  3. In the Content security section, press the down arrow, and then select the policy name for which you want to configure the directives.

  4. To configure the CSP directives for the selected policy, click the Open icon beside the policy name.

    The system opens the <policy name> page on the Policy Definition tab, where you can configure the content security policy directives. For more information on CSP directives, see Content security policies.
  5. On the Policy Definition tab, in the Content Security Policy section, expand the section of the directive for which you want to list allowed websites.

  6. Under Allowed websites, click the Add a row icon.

  7. In the Allowed websites field, enter the URL of the website for which to grant access.

    For Legacy Webchat, enter the chat URL in the Allowed websites field for Connect-Source, Script-Source, and Image-Source directives.
  8. In the Notes field, enter a short description about why the site should have access.

  9. Click Save to save the CSP directives.

  10. On your application page, specify whether to enforce the policy or to report usage of the policy without enforcing it, by selecting one of the following modes:

    • Reject and report – Enforces the policy.
    • Report only – Reports, but does not enforce the policy.
  11. Click Save to save all the changes on the application page.
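To check the result of the procedure above, the following added example (not Pega code) audits a response's CSP header for the chat origin in the three directives that Legacy Webchat needs and flags wildcards and report-only mode. It assumes that the Connect-Source, Script-Source, and Image-Source sections map to the standard connect-src, script-src, and img-src directives and that Report only mode is delivered in the standard Content-Security-Policy-Report-Only header; chat.example.com is a placeholder, and source matching is limited to exact origins or hosts.

```python
from urllib.parse import urlsplit

# Assumed mapping: the Connect-Source, Script-Source and Image-Source sections
# correspond to the standard connect-src, script-src and img-src directives.
REQUIRED = ("connect-src", "script-src", "img-src")

# Constructed sample response headers; chat.example.com is a placeholder.
SAMPLE = {"Content-Security-Policy-Report-Only":
          "default-src 'self'; script-src 'self' https://chat.example.com; "
          "img-src *; connect-src 'self'"}

def parse_csp(value):
    """Split a CSP header value into {directive: [source expressions]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            # A repeated directive is ignored by browsers: the first one wins.
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def audit(headers, chat_url):
    """Return findings for the chat origin; an empty list means it is allowed."""
    enforced = headers.get("Content-Security-Policy")
    value = enforced or headers.get("Content-Security-Policy-Report-Only")
    if not value:
        return ["no CSP header present"]
    findings = []
    if not enforced:
        findings.append("policy is report-only: violations are reported, not blocked")
    url = urlsplit(chat_url)
    origin = f"{url.scheme}://{url.netloc}".lower()
    policy = parse_csp(value)
    for name in REQUIRED:
        # A fetch directive that is absent falls back to default-src.
        sources = policy.get(name, policy.get("default-src"))
        if sources is None:
            findings.append(f"{name}: unrestricted (no directive, no default-src)")
            continue
        sources = [s.lower().rstrip("/") for s in sources]
        if "*" in sources:
            findings.append(f"{name}: wildcard * instead of an explicit site list")
        elif origin not in sources and url.netloc.lower() not in sources:
            findings.append(f"{name}: {origin} is not an allowed website")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, "https://chat.example.com/webchat"):
        print(finding)
```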
