Deployment Manual / Version 2401

3.4.6 Content Security Policy Configuration

The following list contains configuration properties related to Content Security Policy (CSP) in the Studio.

studio.security.csp.child-src
Type java.util.List<java.lang.String>
Default  
Description

List of values for the 'child-src' policy directive. This directive is only applied if extended by plugins or extensions.

studio.security.csp.connect-src
Type java.util.List<java.lang.String>
Default  
Description

List of values for the 'connect-src' policy directive. Defaults to 'self'.

studio.security.csp.font-src
Type java.util.List<java.lang.String>
Default  
Description

List of values for the 'font-src' policy directive. Defaults to 'self'.

studio.security.csp.frame-src
Type java.util.List<java.lang.String>
Default  
Description

List of values for the 'frame-src' policy directive. The default value for this directive is determined in the following order of precedence:

  1. studio.previewUrlWhitelist values if specified

  2. scheme and authority of studio.previewUrlPrefix if specified

  3. 'self'

To allow YouTube videos inside the external preview, add the YouTube URL:

studio.security.csp.frameSrc=http://localhost:40980,*.coremedia.vm:40980, *.coremedia.vm,*.coremedia.com,*.coremedia.com:8000,*.coremedia.vm:8000, 'self',www.youtube.com

studio.security.csp.img-src
Type java.util.List<java.lang.String>
Default  
Description

List of values for the 'img-src' policy directive. Defaults to 'self'.

studio.security.csp.manifest-src
Type java.util.List<java.lang.String>
Default  
Description

List of values for the 'manifest-src' policy directive. Defaults to 'self'.

studio.security.csp.media-src
Type java.util.List<java.lang.String>
Default  
Description

List of values for the 'media-src' policy directive. Defaults to 'self'.

studio.security.csp.object-src
Type java.util.List<java.lang.String>
Default  
Description

List of values for the 'object-src' policy directive. Defaults to 'self'.

studio.security.csp.report-uri
Type java.util.List<java.lang.String>
Default  
Description

List of values for the 'report-uri' policy directive. If no custom list is provided the directive is not included.

studio.security.csp.script-src
Type java.util.List<java.lang.String>
Default  
Description

List of values for the 'script-src' policy directive. Defaults to 'self','unsafe-eval'.

studio.security.csp.style-src
Type java.util.List<java.lang.String>
Default  
Description

List of values for the 'style-src' policy directive. Defaults to 'self','unsafe-inline'.

studio.security.csp.frame-ancestors
Type java.util.List<java.lang.String>
Default  
Description

List of values for the 'frame-ancestors' policy directive. Defaults to 'self'. Deprecated: configuring this setting no longer has any effect. Configure this directive in deployment instead.

Table 3.27. Content Security Policy Related Studio Properties
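
The following sketch is an added example, not CoreMedia code. It resolves the frame-src default in the documented order, assembles a policy from the defaults in the table, and lists sources worth reviewing before deployment. The function names and review rules are hypothetical, and it assumes a configured list replaces the directive's default.

```python
from urllib.parse import urlsplit

# Defaults as stated in Table 3.27; child-src and report-uri have none.
DEFAULTS = {d: ["'self'"] for d in ("connect-src", "font-src", "img-src",
                                    "manifest-src", "media-src", "object-src")}
DEFAULTS["script-src"] = ["'self'", "'unsafe-eval'"]
DEFAULTS["style-src"] = ["'self'", "'unsafe-inline'"]

def default_frame_src(preview_url_whitelist=None, preview_url_prefix=None):
    """Resolve the frame-src default in the documented order 1, 2, 3."""
    if preview_url_whitelist:
        return list(preview_url_whitelist)
    parts = urlsplit(preview_url_prefix or "")
    if parts.scheme and parts.netloc:
        return [f"{parts.scheme}://{parts.netloc}"]  # scheme and authority only
    return ["'self'"]

def effective_policy(custom=None, whitelist=None, prefix=None):
    """Assumption: a configured list replaces that directive's default."""
    policy = {d: list(s) for d, s in DEFAULTS.items()}
    policy["frame-src"] = default_frame_src(whitelist, prefix)
    for directive, value in (custom or {}).items():
        if directive == "frame-ancestors":
            continue  # documented as deprecated and without effect in Studio
        policy[directive] = [s.strip() for s in value.split(",") if s.strip()]
    return policy

def to_header(policy):
    """Serialize the policy as a Content-Security-Policy header value."""
    return "; ".join(f"{d} {' '.join(s)}" for d, s in policy.items())

def review(policy):
    """Return (directive, source, reason) for sources worth justifying."""
    findings = []
    for directive, sources in policy.items():
        for src in sources:
            if src in ("'unsafe-inline'", "'unsafe-eval'"):
                findings.append((directive, src, "unsafe keyword"))
            elif src.startswith("http://"):
                findings.append((directive, src, "cleartext scheme"))
            elif "*" in src:
                findings.append((directive, src, "wildcard host"))
    return findings

if __name__ == "__main__":
    # Constructed preview prefix; only scheme and authority reach frame-src.
    policy = effective_policy(prefix="https://preview.example.com/blueprint/")
    print(to_header(policy))
    print(review(policy))
```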

