Content security policies

The Content Security Policy (CSP) is a set of directives that inform the user's browser of locations from which an application is allowed to load resources. These locations are provided in the form of URL schemes, including the use of an asterisk (*) to represent all URLs. Each directive governs a specific resource type that affects what is displayed in a browser. Collectively, the directives are sent to the client in the Content-Security-Policy HTTP header. Each browser type and version obeys as much of the policy as it can. If a browser does not understand a directive, the browser ignores that directive; otherwise, the browser follows it explicitly.

To access the content security policies in an application, do one of the following actions:

  • Specify the content security policy on the Application form.

    1. In the Dev Studio header, click Application name > Definition.

    2. On the Application form, click the Integration & security tab.

    3. In the Policy name field, press the Down Arrow key, and then select the name of a content security policy.

    4. Optional: To enforce the policy instead of reporting it only, click Reject and report.

    5. Click Save.
  • Use the Application Explorer to list the content security policies in your application.
  • In the navigation panel, click Records > Security > Content Security Policy to list all the content security policies that are available to you.
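
To confirm what a saved policy actually sends to the browser, the response headers can be audited. The following is an added example, not product code: it parses the header into directives, flags any directive that uses the asterisk, and reports whether the policy is enforced or only reported. It assumes that report-only mode is delivered in the standard Content-Security-Policy-Report-Only header; the function names and sample header values are constructed for illustration.

```javascript
// Added example: audit the CSP response headers of a deployed application.
// Function names are hypothetical; sample header values below are constructed.
function parsePolicy(value) {
  const directives = new Map();
  for (const part of value.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // Browsers keep the first occurrence of a directive and ignore repeats.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

function auditCsp(headers) {
  // HTTP header names are case-insensitive, so normalize them first.
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const enforced = h["content-security-policy"];
  // Assumption: report-only mode uses the standard report-only header.
  const reportOnly = h["content-security-policy-report-only"];
  // If both headers are present, the enforced policy is the one audited.
  const mode = enforced ? "enforce" : reportOnly ? "report-only" : "none";
  const policy = parsePolicy(enforced || reportOnly || "");
  const findings = [];
  if (mode === "none") findings.push("no content security policy header present");
  for (const [name, sources] of policy) {
    if (sources.includes("*")) findings.push(`${name}: wildcard * source`);
  }
  if (mode !== "none" && !policy.has("default-src")) {
    findings.push("default-src: missing, fetch directives not listed have no fallback");
  }
  if (mode === "report-only") findings.push("policy is reported but not enforced");
  return { mode, directives: Object.fromEntries(policy), findings };
}

// Constructed sample responses: one report-only policy, one enforced policy.
const sampleReportOnly = {
  "Content-Security-Policy-Report-Only":
    "default-src 'self'; img-src *; script-src 'self' https://cdn.example.com",
};
const sampleEnforced = {
  "Content-Security-Policy": "default-src 'self'; img-src 'self'",
};
console.log(auditCsp(sampleReportOnly));
console.log(auditCsp(sampleEnforced));
```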