1

According to below instruction from MX documentation, what’s the way of configuring the content security header for apps on docker image? Can we update runtime settings? What runtime settings are related to this case?   ”9 Setting Security Headers When running on-premises, no HTTP headers are set automatically. You will need to decide which HTTP headers you need to set for your app. For example, Content Security Policy (CSP) is not enabled for you. There is no direct impact of not implementing CSP for your app. However, if it is vulnerable to a Cross-site Scripting attack CSP can prevent successful exploitation of that vulnerability. It is recommended that you add the HTTP header Content-Security-Policy and set the value to default-src 'none'; img-src 'self'; script-src 'self' {URL}; style-src 'self'  

asked 2020-10-27

0 answers