Hi,
We have been requested to ensure we set the "content-security-policy" header.
What values will get the best security for EspoCRM?
Here is a sample of something that does not seem to cause any issues:
Header set Content-Security-Policy: "default-src https:; object-src https:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline';"
Not sure if this can be restricted any more, or if this may be as tight as it gets?
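As an added example (not from this post and not EspoCRM project code), here is a small Python linter that parses a Content-Security-Policy header value and reports the constructs that weaken the posted policy: 'unsafe-inline' and 'unsafe-eval' in script-src, scheme-only sources such as https: that allow any host, object-src not locked to 'none', and the missing frame-ancestors and base-uri directives. The tighter policy it compares against is an assumption for illustration only; whether EspoCRM still works under it has to be checked in the browser console, directive by directive.

```python
"""Added example: lint a CSP header value and compare the posted policy
with a tighter, hypothetical one. Not code from the EspoCRM project."""

from typing import Dict, List, Optional

# Header value from the forum post (the value only, without "Header set ...").
POSTED_POLICY = ("default-src https:; object-src https:; "
                 "script-src 'self' 'unsafe-inline' 'unsafe-eval'; "
                 "style-src https: 'unsafe-inline';")

# Assumed tighter policy for comparison. This is NOT a tested EspoCRM
# configuration; each restriction must be verified against the application.
TIGHTER_POLICY = ("default-src 'self'; object-src 'none'; script-src 'self'; "
                  "style-src 'self' 'unsafe-inline'; img-src 'self' data:; "
                  "frame-ancestors 'none'; base-uri 'self';")

# Sources that match any origin on a scheme, which defeats an allowlist.
SCHEME_ONLY = {"https:", "http:", "*", "data:", "blob:"}


def parse_csp(policy: str) -> Dict[str, List[str]]:
    """Split a CSP value into {directive: [sources]}.

    Directives are ';'-separated; the first token is the directive name and
    the rest are sources. Names are case-insensitive. Browsers ignore a
    repeated directive, so the first occurrence wins here as well.
    """
    result: Dict[str, List[str]] = {}
    for chunk in policy.split(";"):
        tokens = chunk.split()
        if not tokens:
            continue
        name = tokens[0].lower()
        if name not in result:
            result[name] = tokens[1:]
    return result


def effective_sources(policy: Dict[str, List[str]],
                      directive: str) -> Optional[List[str]]:
    """Sources applying to a fetch directive, falling back to default-src."""
    if directive in policy:
        return policy[directive]
    return policy.get("default-src")


def lint_csp(policy_text: str) -> List[str]:
    """Return human-readable findings for a CSP header value."""
    policy = parse_csp(policy_text)
    findings: List[str] = []
    for directive in ("script-src", "style-src", "object-src"):
        sources = effective_sources(policy, directive)
        if sources is None:
            findings.append(f"{directive}: not set and no default-src; unrestricted")
            continue
        if directive == "script-src" and "'unsafe-inline'" in sources:
            findings.append("script-src: 'unsafe-inline' lets injected inline "
                            "<script> run; CSP gives no XSS protection")
        if directive == "script-src" and "'unsafe-eval'" in sources:
            findings.append("script-src: 'unsafe-eval' allows eval()/new Function(); "
                            "injected strings can become code")
        if directive == "style-src" and "'unsafe-inline'" in sources:
            findings.append("style-src: 'unsafe-inline' permits injected inline "
                            "styles (lower impact than scripts)")
        if directive == "object-src" and sources != ["'none'"]:
            findings.append(f"object-src: {' '.join(sources)} allows plugin "
                            "content; use 'none' unless plugins are required")
        for src in sources:
            if src in SCHEME_ONLY:
                findings.append(f"{directive}: scheme-only source {src} allows "
                                "any origin on that scheme")
    for directive, why in (
        ("frame-ancestors", "clickjacking via framing is not restricted"),
        ("base-uri", "an injected <base> tag can redirect relative script URLs"),
    ):
        if directive not in policy:
            findings.append(f"{directive}: missing; {why}")
    return findings


if __name__ == "__main__":
    for label, text in (("posted", POSTED_POLICY), ("tighter", TIGHTER_POLICY)):
        print(f"== {label} policy: {len(lint_csp(text))} finding(s)")
        for line in lint_csp(text):
            print("  -", line)
```

Run it and tighten one directive at a time: remove 'unsafe-eval' first and watch the console for CSP violation reports, then 'unsafe-inline' (nonces or hashes are the usual replacement), then replace https: with the specific hosts the installation actually loads from. Note also that mod_headers takes the header name without a trailing colon (`Header set Content-Security-Policy "..."`); a Content-Security-Policy-Report-Only header with the same value is a safe way to observe what the tighter policy would block before enforcing it.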