Missing "Content-Security-Policy" header
search cancel

Missing "Content-Security-Policy" header

book

Article ID: 260171

calendar_today

Updated On:

Products

CA Process Automation Base

Issue/Introduction

Running PAM 04.3.05 CP06

Main issue:
Missing "Content-Security-Policy" header

Proposed Solution:
Configure your server to send the "Content-Security-Policy" header

Port:  443
CWE:  1032

Environment

Release : 4.3

CA Process Automation

Resolution

Modify web.xml at <Install_Dir>\server\c2o\ext-deploy\c2oear-snapshot.ear\web-snapshot.war\WEB-INF

Rename X-Content-Security-Policy to Content-Security-Policy in web.xml and set param-value as object-src 'self'

Powered by Wolken Software