The following list contains configuration properties related to Content Security Policy (CSP) in the
Studio.
studio.security.csp.child-src
Type
java.util.List<java.lang.String>
Default
Description
List of values for the 'child-src' policy directive. This directive is
only applied if extended by plugins or extensions.
studio.security.csp.connect-src
Type
java.util.List<java.lang.String>
Default
Description
List of values for the 'connect-src' policy directive. Defaults to
'self'.
studio.security.csp.font-src
Type
java.util.List<java.lang.String>
Default
Description
List of values for the 'font-src' policy directive. Defaults to
'self'.
studio.security.csp.frame-src
Type
java.util.List<java.lang.String>
Default
Description
List of values for the 'frame-src' policy directive. The hierarchy of
default values for this directive is as follows:
1. studio.previewUrlWhitelist values, if specified
2. scheme and authority of studio.previewUrlPrefix, if specified
3. 'self'
To allow YouTube videos inside the external preview, add the YouTube
URL:
studio.security.csp.frameSrc=http://localhost:40980,*.coremedia.vm:40980,*.coremedia.vm,*.coremedia.com,*.coremedia.com:8000,*.coremedia.vm:8000,'self',www.youtube.com
studio.security.csp.img-src
Type
java.util.List<java.lang.String>
Default
Description
List of values for the 'img-src' policy directive. Defaults to 'self'.
studio.security.csp.manifest-src
Type
java.util.List<java.lang.String>
Default
Description
List of values for the 'manifest-src' policy directive. Defaults to
'self'.
studio.security.csp.media-src
Type
java.util.List<java.lang.String>
Default
Description
List of values for the 'media-src' policy directive. Defaults to
'self'.
studio.security.csp.object-src
Type
java.util.List<java.lang.String>
Default
Description
List of values for the 'object-src' policy directive. Defaults to
'self'.
studio.security.csp.report-uri
Type
java.util.List<java.lang.String>
Default
Description
List of values for the 'report-uri' policy directive. If no custom
list is provided the directive is not included.
studio.security.csp.script-src
Type
java.util.List<java.lang.String>
Default
Description
List of values for the 'script-src' policy directive. Defaults to
'self','unsafe-eval'.
studio.security.csp.style-src
Type
java.util.List<java.lang.String>
Default
Description
List of values for the 'style-src' policy directive. Defaults to
'self','unsafe-inline'.
studio.security.csp.frame-ancestors
Type
java.util.List<java.lang.String>
Default
Description
List of values for the 'frame-ancestors' policy directive. Defaults to
'self'. Deprecated: configuring this setting no longer has any effect.
Configure this directive in the deployment instead.
Table 3.28. Content Security Policy Related Studio Properties
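A review check for the properties in this table, as an added example that is not CoreMedia code: it parses studio.security.csp.* entries from a properties file and flags values that widen the policy. The sample file, the flagging rules, and the treatment of frameSrc and frame-src as the same key are assumptions of this example.

```python
import re

# Constructed sample of a Studio properties file (not taken from a real deployment).
SAMPLE = """\
studio.security.csp.frameSrc=http://localhost:40980,*.coremedia.vm, 'self',www.youtube.com
studio.security.csp.script-src='self','unsafe-eval','unsafe-inline'
studio.security.csp.img-src=*
studio.security.csp.frame-ancestors='self'
"""
PREFIX = "studio.security.csp."

def kebab(name):
    # Assumption: camelCase and kebab-case keys name the same property,
    # as the table's frameSrc example for frame-src suggests.
    return re.sub(r"(?<=[a-z])([A-Z])", r"-\1", name).lower()

def parse_csp(text):
    """Return {directive: [values]} for every studio.security.csp.* line."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip()
        if key.startswith(PREFIX):
            out[kebab(key[len(PREFIX):])] = [v.strip() for v in value.split(",") if v.strip()]
    return out

def audit(text):
    """Return sorted (directive, finding) pairs; the rules are review heuristics."""
    csp, findings = parse_csp(text), []
    for directive, values in csp.items():
        for v in values:
            if v == "*":
                findings.append((directive, "bare wildcard allows any origin"))
            elif v.startswith("http://"):
                findings.append((directive, "http:// source, review before production: " + v))
            elif directive == "script-src" and v == "'unsafe-inline'":
                findings.append((directive, "'unsafe-inline' is not in the documented default"))
    if "frame-ancestors" in csp:
        findings.append(("frame-ancestors", "deprecated, has no effect; configure in deployment"))
    if "report-uri" not in csp:
        findings.append(("report-uri", "not set, so the directive is omitted from the policy"))
    return sorted(findings)

if __name__ == "__main__":
    for directive, finding in audit(SAMPLE):
        print(f"{directive}: {finding}")
```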