Deployment Manual / Version 2110
Table Of ContentsThe following list contains configuration properties related to Content Security Policy (CSP) in the Studio.
studio.security.csp.connect-src
| |
Type | java.util.List<java.lang.String> |
Default | |
Description | List of values for the 'connect-src' policy directive. Defaults to 'self'. |
studio.security.csp.csp-mode
| |
Type | com.coremedia.rest.security.util.CSPMode |
Default | |
Description | Level of Content Security Policy protection (CSP). For further details about CSP and the default policy settings please refer to the Studio Developer Manual. Allowed values are:
|
studio.security.csp.font-src
| |
Type | java.util.List<java.lang.String> |
Default | |
Description | List of values for the 'font-src' policy directive. Defaults to 'self'. |
studio.security.csp.frame-ancestors
| |
Type | java.util.List<java.lang.String> |
Default | |
Description | List of values for the 'frame-ancestors' policy directive. Defaults to 'self'. @deprecated Configuring this setting does not have an effect anymore. Please configure this directive in deployment. |
studio.security.csp.frame-src
| |
Type | java.util.List<java.lang.String> |
Default | |
Description | List of values for the 'frame-src' policy directive. The hierarchy of default values for this directive is as follows
To allow YouTube videos inside the external preview, add the Youtube URL: studio.security.csp.frameSrc=http://localhost:40980,*.coremedia.vm:40980, *.coremedia.vm,*.coremedia.com,*.coremedia.com:8000,*.coremedia.vm:8000, 'self',www.youtube.com |
studio.security.csp.img-src
| |
Type | java.util.List<java.lang.String> |
Default | |
Description | List of values for the 'img-src' policy directive. Defaults to 'self'. |
studio.security.csp.manifest-src
| |
Type | java.util.List<java.lang.String> |
Default | |
Description | List of values for the 'manifest-src' policy directive. Defaults to 'self'. |
studio.security.csp.media-src
| |
Type | java.util.List<java.lang.String> |
Default | |
Description | List of values for the 'media-src' policy directive. Defaults to 'self'. |
studio.security.csp.object-src
| |
Type | java.util.List<java.lang.String> |
Default | |
Description | List of values for the 'object-src' policy directive. Defaults to 'self'. |
studio.security.csp.report-uri
| |
Type | java.util.List<java.lang.String> |
Default | |
Description | List of values for the 'report-uri' policy directive. If no custom list is provided the directive is not included. |
studio.security.csp.script-src
| |
Type | java.util.List<java.lang.String> |
Default | |
Description | List of values for the 'script-src' policy directive. Defaults to 'self','unsafe-eval'. |
studio.security.csp.style-src
| |
Type | java.util.List<java.lang.String> |
Default | |
Description | List of values for the 'style-src' policy directive. Defaults to 'self','unsafe-inline'. |
Table 3.28. Content Security Policy Related Studio Properties