Template Files and Content Security Policy
The Advanced Access Control (AAC) template files have been developed for compliance with content security policy (CSP) directives.
Content Security Policy is not enabled for AAC responses by default, but it can be enabled by configuring the reverse proxy to add the CSP header to all outgoing responses. In the reverse proxy configuration file, set the following response header:
[rsp-header-names]
content-security-policy = default-src 'self'; frame-ancestors 'self'; form-action 'self';
Note: To set the header on one junction only, set the same entry in the junction-specific stanza [rsp-header-names:/junction_name].
The example content security policy header shown above is the level of CSP that is enabled by default for Reverse Proxy responses (other than the junction-specific configuration).
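The following check is an added example, not part of the product or its documentation. It reads the content-security-policy entries from the [rsp-header-names] stanzas and compares each against the example policy above, flagging typographic quotes around a keyword, which browsers do not recognise. It assumes the configuration is available as text with # comment lines; the sample configuration is constructed and /mga is a hypothetical junction name.

```python
import re

REQUIRED = ("default-src", "frame-ancestors", "form-action")  # set by the page's example
STANZA = re.compile(r"^\[(rsp-header-names(?::[^\]]+)?)\]$")
TYPOGRAPHIC = "\u2018\u2019\u201c\u201d"  # curly quotes, often pasted in from documents

def csp_entries(conf_text):
    """Return {stanza: policy} for content-security-policy entries in rsp-header-names stanzas."""
    found, stanza = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            m = STANZA.match(line)
            stanza = m.group(1) if m else None  # ignore entries in unrelated stanzas
        elif stanza and "=" in line:
            name, value = (part.strip() for part in line.split("=", 1))
            if name.lower() == "content-security-policy":
                found[stanza] = value
    return found

def check_policy(policy):
    """Return a list of problems; an empty list means the policy matches the page's example."""
    problems, directives = [], {}
    for chunk in policy.split(";"):
        tokens = chunk.split()
        if tokens:
            directives.setdefault(tokens[0].lower(), tokens[1:])  # first occurrence wins
    for name in REQUIRED:
        sources = directives.get(name)
        if sources is None:
            problems.append(f"{name}: directive missing")
        elif any(ch in tok for tok in sources for ch in TYPOGRAPHIC):
            problems.append(f"{name}: typographic quotes, keyword will not be recognised")
        elif "'self'" not in sources:
            problems.append(f"{name}: 'self' not present")
    return problems

# Constructed sample configuration; /mga is a hypothetical junction name.
SAMPLE = """\
[rsp-header-names]
content-security-policy = default-src 'self'; frame-ancestors 'self'; form-action 'self';
[rsp-header-names:/mga]
content-security-policy = default-src \u2018self\u2019; frame-ancestors 'self';
"""

def audit(conf_text):
    return {stanza: check_policy(p) for stanza, p in csp_entries(conf_text).items()}
```

Calling audit(SAMPLE) returns an empty problem list for the global stanza and two problems for the junction stanza.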