Content Security Policy (CSP) | Communifire Documentation

What is Content Security Policy?

Content Security Policy (CSP) is a security setting that sets the external sites your site can load resources from. If a resource comes from a site that isn't in the CSP whitelist, that resource is blocked. 

CSP protects against content injection attacks, such as Cross-Site Scripting (XSS). CSP allows administrators to reduce the risk of attacks on their site by specifying a whitelist of trusted sites that resources can be loaded from.

Learn more about CSP:

• Content Security Policy (CSP) — MDN Web Docs
• Improving Web Security with the Content Security Policy — Sitepoint

Which features does CSP affect?

Features that access external resources can be affected by CSP. Keep this in mind as you create the whitelist of trusted sites.

• Raw HTML Widget 
• IFrame Widget 
• Header and Footer Scripts 

How can I set CSP for my intranet?

The ContentSecurityPolicy system property allows users to establish security policies directly through system configuration. By defining CSP directives using this property, users can specify which resources (such as scripts, stylesheets, images, fonts, etc.) are allowed to be loaded and executed on their web pages. 

To set up the Content Security Policy (CSP) by utilizing the ContentSecurityPolicy system property:

1. Navigate to Control Panel > System > System Properties > ContentSecurityPolicy.
2. Define the CSP directives by specifying allowed content sources using a semicolon-separated list. You can allow scripts to be loaded only from the same origin as your website and from a trusted third-party domain (https://trusted-source.com) by configuring the ContentSecurityPolicy property as follows:

3. Save the changes.