Hi!

I am working on implementing a Content Security Policy at my organization and didn't find the option to activate the 'Report-Only' header.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only

Is this not possible in OutSystems? Or do I need a trick that I don't know about?

I would really like to validate my CSP before making it final.


Thanks!

Laurens

Hi Laurens, 

Have you tried using the AddHeader action from the HTTPRequestHandler extension?

You can find it on Manage Dependencies.

Hi,

No, I haven't tried that since I don't want to go into all of my code to just add this header manually.

The way to do it now is via LifeTime, so I kinda expected it to be an option there.