Deployment Manual / 3.4.6 Content Security Policy Configuration

Deployment Manual / Version 2406.0

Table Of Contents

3.4.6 Content Security Policy Configuration

The following list contains configuration properties related to Content Security Policy (CSP) in the Studio.

`studio.security.csp.child-src`
Type	`List<String>`
Description	List of values for the 'child-src' policy directive. This directive is only applied if extended by plugins or extensions.
`studio.security.csp.connect-src`
Type	`List<String>`
Description	List of values for the 'connect-src' policy directive. Defaults to 'self'.
`studio.security.csp.font-src`
Type	`List<String>`
Description	List of values for the 'font-src' policy directive. Defaults to 'self'.
`studio.security.csp.frame-ancestors`
Type	`List<String>`
Description	List of values for the 'frame-ancestors' policy directive. Defaults to 'self'.
Deprecation	This property has been deprecated and will be removed in a future version.
`studio.security.csp.frame-src`
Type	`List<String>`
Description	List of values for the 'frame-src' policy directive. The hierarchy of default values for this directive is as follows studio.previewUrlWhitelist values if specified schema and authority of studio.previewUrlPrefix if specified 'self' To allow YouTube videos inside the external preview, add the Youtube URL: studio.security.csp.frameSrc=http://localhost:40980,.coremedia.vm:40980, .coremedia.vm,.coremedia.com,.coremedia.com:8000,*.coremedia.vm:8000, 'self',www.youtube.com
`studio.security.csp.img-src`
Type	`List<String>`
Description	List of values for the 'img-src' policy directive. Defaults to 'self'.
`studio.security.csp.manifest-src`
Type	`List<String>`
Description	List of values for the 'manifest-src' policy directive. Defaults to 'self'.
`studio.security.csp.media-src`
Type	`List<String>`
Description	List of values for the 'media-src' policy directive. Defaults to 'self'.
`studio.security.csp.object-src`
Type	`List<String>`
Description	List of values for the 'object-src' policy directive. Defaults to 'self'.
`studio.security.csp.report-uri`
Type	`List<String>`
Description	List of values for the 'report-uri' policy directive. If no custom list is provided the directive is not included.
`studio.security.csp.script-src`
Type	`List<String>`
Description	List of values for the 'script-src' policy directive. Defaults to 'self','unsafe-eval'.
`studio.security.csp.style-src`
Type	`List<String>`
Description	List of values for the 'style-src' policy directive. Defaults to 'self','unsafe-inline'.

Table 3.25. Content Security Policy Related Studio Properties

Search Results

Table Of Contents