close

Filter

loading table of contents...

Release Notes / Version 12.2412.0

Table Of Contents

Stricter CSP Rules

The Content Security Rules for Studio Client have been hardened to prevent attackers from uploading JavaScript code into CMS Content and exploit possible XSS vulnerabilities to execute that code in the context of another Studio user. If you have added any custom scripts to Studio Client which are not deployed under the paths /packages/ or /resources/, they will now be blocked by the stricter CSP rules, which is reported in the browser console.

To fix this, you need to allow-list those scripts in apps/studio-client/apps/main/base-app/sencha/resources/config-init.js by adding their paths to the allow-list [..., "resources/", "packages/"].

(CMS-22221)

Search Results

Table Of Contents
warning

Your Internet Explorer is no longer supported.

Please use Mozilla Firefox, Google Chrome, or Microsoft Edge.