| ... |
... |
@@ -54,10 +54,8 @@ |
| 54 |
54 |
You can add additional policies to the Content-Security-Policy header. |
| 55 |
55 |
{{/figure}} |
| 56 |
56 |
|
| 57 |
|
-{{version major="7" minor="2"/}} |
|
57 |
+{{version major="7" minor="2" patch="1"/}} Lets you add additional policies to the Content-Security-Policy header. Different values can be stored for backend (administration interface, designer, inbox) and for frontend (web forms). |
| 58 |
58 |
|
| 59 |
|
-Lets you add additional policies to the Content-Security-Policy header. Different values can be stored for backend (administration interface, designer, inbox) and for frontend (web forms). |
| 60 |
|
- |
| 61 |
61 |
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross-Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft, to site defacement, to malware distribution. A primary goal of CSP is to mitigate and report XSS attacks. CSP makes it possible for server administrators to reduce or eliminate the vectors by which XSS can occur by specifying the domains that the browser should consider to be valid sources of executable scripts. |
| 62 |
62 |
|
| 63 |
63 |
For a list of available policies, see e.g. this [[Mozilla page>>url:https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy||_target="blank"]]. |
