Configuring your endpoint settings

Endpoint settings strengthen the security of the communication between IBM® Verify and your user endpoints.

Before you begin

settings

Note: Managing endpoints is a requestable feature, VDEV-41592. To request this feature, contact your IBM Sales representative or IBM contact and indicate your interest in enabling this capability. This public preview might not be available in your location. If you have permission to create a support ticket, create a support ticket with the feature number. Note: IBM Verify trial subscriptions cannot create support tickets.

Content security policy settings

Edit online

A Content Security Policy (CSP) helps to mitigate your browser's vulnerability to XSS attacks.

Before you begin

Customized HTML might include inline JavaScript. Sanitize the HTML content before you upload the file, or set a custom Content Security Policy to prevent inline scripts from running.

Important: The Content Security Policy that you set can prevent inline scripts from running, and can affect the functionality of pages that use customized themes if those themes include inline scripts. If you plan to set a policy that blocks inline JavaScript and have customized themes, review them and remove inline JavaScript.

About this task

A CSP can restrict how the browser interacts with endpoints. It can specify which domains a browser uses as trusted sources and the protocols that are used for data transfer. For more information about CSP, see https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP.

Note: Changing this setting might cause resources not to load on their templates pages.

If you do not want to accept the default setting, continue with this procedure.

Procedure

Select Security > Endpoint settings.
Enter the CSP header that you want to use.
Click Save changes.