Content Security Policy

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • SoBeGuy
    Member
    • Jan 2024
    • 62

    Content Security Policy

    In the config file, if we set clientCspDisabled => true that disables the Content Security Policy header on most pages. However, the header is still present when viewing inline attachments (entryPoint=download). Can you make it so the header is also disabled on this page? Or can you create a new config setting to disable the header on the download page? I have HTML files as attachments and because of the header, the files are displayed without their embedded styles and images.
  • yuri
    Member
    • Mar 2014
    • 8453

    #2
    No as it would be a security vulnerability. Viewing HTML with the download entry point is misusing of the functionality.
    If you find EspoCRM good, we would greatly appreciate if you could give the project a star on GitHub. We believe our work truly deserves more recognition. Thanks.

    Comment

    Working...