Content-Security-Policy
This article describes the Content-Security-Policy header and explains how to configure it for your i4connected installation.
The Content-Security-Policy response header allows web site administrators to control resources the user agent is allowed to load for a given page. With a few exceptions, policies mostly involve specifying server origins and script endpoints. This helps guard against cross-site scripting attacks (XSS).
The Content-Security-Policy header can be configured in the Web.config file, under the i4connected API folder. The system administrator can specify multiple policies for a resource; each additional policy can only further restrict the capabilities of the protected resource.
Figure: The Content-Security-Policy (Content_Security_Policy.jpg)
Tip
For more details about the directives of the Content-Security-Policy, please also visit this article.
Important
This header should be removed from the Web.config file if the i4connected API and Portal use HTTP instead of HTTPS.
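The following Python check is an added example, not i4connected code. It reads the header from a Web.config, splits it into its separate policies, and applies the two points above: an additional policy can only restrict further, and the header should not be present on an HTTP site. It assumes the header is set through `add` elements under `customHeaders`; the sample policy value, the function names and `site_url` are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: the policy value is illustrative, not the one shipped with i4connected.
SAMPLE_WEB_CONFIG = """<configuration>
  <system.webServer>
    <httpProtocol>
      <customHeaders>
        <add name="Content-Security-Policy"
             value="default-src 'self'; script-src 'self' 'unsafe-inline', script-src 'self'" />
      </customHeaders>
    </httpProtocol>
  </system.webServer>
</configuration>"""

def read_policies(web_config_xml):
    """Return one {directive: [sources]} dict per policy found in customHeaders."""
    policies = []
    for headers in ET.fromstring(web_config_xml).iter("customHeaders"):
        for add in headers.findall("add"):
            if add.get("name", "").lower() != "content-security-policy":
                continue
            # A comma separates policies; the browser enforces each one independently.
            for raw_policy in add.get("value", "").split(","):
                directives = {}
                for part in raw_policy.split(";"):
                    tokens = part.split()
                    if tokens:  # the first occurrence of a directive wins
                        directives.setdefault(tokens[0].lower(), tokens[1:])
                if directives:
                    policies.append(directives)
    return policies

def allows_inline_script(policy):
    """Simplified: script-src with default-src fallback; nonces or hashes disable 'unsafe-inline'."""
    sources = policy.get("script-src", policy.get("default-src"))
    if sources is None:
        return True  # this policy does not govern scripts at all
    lowered = [s.lower() for s in sources]
    has_nonce_or_hash = any(s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for s in lowered)
    return "'unsafe-inline'" in lowered and not has_nonce_or_hash

def audit(web_config_xml, site_url):
    """Return findings for the configured header; site_url is the URL the Portal is served from."""
    policies = read_policies(web_config_xml)
    if not policies:
        return ["no Content-Security-Policy header configured"]
    findings = []
    if urlsplit(site_url).scheme.lower() == "http":
        findings.append("site uses HTTP: the page says to remove this header")
    # Inline script runs only if every policy allows it, so an extra policy can only restrict.
    if all(allows_inline_script(p) for p in policies):
        findings.append("inline scripts are allowed by every policy")
    return findings
```

In the sample, the second policy omits `'unsafe-inline'`, so inline scripts are blocked even though the first policy would allow them.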