API Gateway: OAuth authorization server cannot use external CSS
Article ID: 126436
STARTER PACK-7CA Rapid App SecurityCA API Gateway
When customizing the OTK authorization server you may wish to use external stylesheets. However, when doing so the CSS will not be rendered.
This is caused by the browser enforcing the Content Security Policy set by OTK policy. The Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks.
The OTK adds a the CSP header in the OTK Security Header Extension policy. The default value below, allows allows inline style sheets to be used.