
Configuring Content Security Policy

This guide describes how you can configure the Content Security Policy of your application. Read the Content Security Policy concept for more details and the security background of this policy.

Configuring the Content Security Policy of your application

Configuring the Content Security Policy header protects against possible attacks and the execution of malicious content or code, and makes your application more secure.
For more information, see why you should use it.

Prerequisites

  • You need to have access to a tenant with the mdsp:core:Developer or mdsp:core:DeveloperAdmin role.
  • You need to have access to the Developer Cockpit.
  • The application must be available on your Launchpad and in an unregistered state in order to change the settings.
    Read First cloud foundry to create the application in Developer Cockpit.

Steps

Follow the steps below to change the configuration:

  1. Go to your Launchpad and open Developer Cockpit.
  2. Open your application from the application overview.
  3. Click on the edit button (see image below) to modify the Content Security Policy for the configuration item cspHeader.
  4. Change the values and click on update.
    By default, MindSphere Gateway adds the following cspHeader for web applications:

        Content-Security-Policy: default-src 'self' static.{env}.mindsphere.io; style-src * 'unsafe-inline'; script-src 'self' 'unsafe-inline' static.eu1.mindsphere.io; img-src * data:

    To understand the individual configuration items and to configure more rules for cspHeader, go to the Defaults & Recommendations section of the Content Security Policy concept.
  5. Save the changes.
  6. Register the application.

Your changes are now active. MindSphere Gateway adds your cspHeader configuration to your application, and you can check the response headers to confirm that the MindSphere Gateway delivers the correct Content-Security-Policy header.
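One way to do the response-header check described above, as an added example that is not part of the MindSphere documentation: the script parses a delivered Content-Security-Policy value, compares it directive by directive with the value you entered for cspHeader, and lists the permissive sources that remain. The CONFIGURED policy and the function names are assumptions made for illustration; DELIVERED is the gateway default quoted in step 4.

```python
# Added example: verify that the delivered CSP header matches the cspHeader
# value configured in Developer Cockpit. Sample values are constructed.

# Hypothetical policy entered for cspHeader (assumption, not a recommendation from the page).
CONFIGURED = ("default-src 'self' static.eu1.mindsphere.io; "
              "script-src 'self' static.eu1.mindsphere.io; "
              "style-src 'self'; img-src 'self' data:")
# Header as copied from the browser's network tab; here the gateway default from step 4.
DELIVERED = ("Content-Security-Policy: default-src 'self' static.{env}.mindsphere.io; "
             "style-src * 'unsafe-inline'; "
             "script-src 'self' 'unsafe-inline' static.eu1.mindsphere.io; img-src * data:")

def parse_csp(header_value):
    """Parse a CSP header (with or without its name) into {directive: set(sources)}."""
    value = header_value.strip()
    if value.lower().startswith("content-security-policy:"):
        value = value.split(":", 1)[1]
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if not tokens:
            continue  # tolerate empty segments such as a trailing ';'
        # Browsers ignore a repeated directive, so the first occurrence wins.
        policy.setdefault(tokens[0].lower(), set(tokens[1:]))
    return policy

def diff_csp(expected, delivered):
    """Return a list of differences between the expected and the delivered policy."""
    exp, got = parse_csp(expected), parse_csp(delivered)
    findings = []
    for name in sorted(exp.keys() | got.keys()):
        if name not in got:
            findings.append(f"missing directive: {name}")
        elif name not in exp:
            findings.append(f"unexpected directive: {name}")
        elif exp[name] != got[name]:
            findings.append(f"{name}: missing {sorted(exp[name] - got[name])}, "
                            f"extra {sorted(got[name] - exp[name])}")
    return findings

def permissive_sources(header_value):
    """List (directive, source) pairs that weaken the policy."""
    weak = {"*", "'unsafe-inline'", "'unsafe-eval'"}
    return sorted((d, s) for d, srcs in parse_csp(header_value).items()
                  for s in srcs if s in weak)

if __name__ == "__main__":
    for finding in diff_csp(CONFIGURED, DELIVERED):
        print(finding)
    print(permissive_sources(DELIVERED))
```

An empty result from diff_csp means the gateway delivers exactly the configured policy; any finding after registration indicates that the default cspHeader is still in effect or that the update was not saved.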

CSP Configuration in the Developer Cockpit



Except where otherwise noted, content on this site is licensed under the MindSphere Development License Agreement.