Hi!
I am working on implementing a Content Security Policy at my organization and didn't find the option to activate the 'Report-Only' header.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only
Is this not possible in Outsystems? Or do I need a trick that I don't know about.
I would really like to validate my CSP before making it final.
Thanks!
Laurens
Hi Laurens,
Have you tried using the AddHeader action from the HTTPRequestHandler extension ?You can find it on Manage Dependencies.
Hi,
No I haven't tried that since I don't want to go into all of my code to just add this header manually.
The way to do it now is via Lifetime so I kinda expected it to be an option there.