Hi,
Is there any place (for instance Lifetime) where I can configure Referrer-Policy HTTP header for all OS applications?
More info here about the HTTP header:
I have looked to OS documentation: "Apply Content Security Policy" but it doesn't seem to be able to config this header.
Best regards,
João
Hi João,
You can change your web.config file to send HTTP Security Headers using Factory Configuration forge component.
You can see here an example.
Kind Regards,João
Facing the same issue. I need to configure the; 'referrer-policy' and the 'permissions-policy'.
I found this part online regarding adding the permissions-policy to the header:
Permissions-Policy: geolocation=(self "https://example.com"), microphone=()
Can someone explain step-by-step where to add this?
Thanks!
Regards,
Jorick
Edit:
For permissions-policy and referrer-policy add this as new configuration and assign it to the espaces.
<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:output method="xml" indent="yes" encoding="UTF-8"/>
<xsl:template match="@*|node()">
<xsl:copy>
<xsl:apply-templates select="@*|node()"/>
</xsl:copy>
</xsl:template>
<xsl:template match="/configuration/system.webServer/httpProtocol/customHeaders">
<add name="Referrer-Policy" value="no-referrer" />
<add name="Permissions-Policy" value="no-referrer" />
</xsl:stylesheet>
Like João Marques tried to explain.
You can follow the steps explain here and then add the attached shared configuration to the form.
Don't forget do publish module after appling the settings in Factory Configuration.
You can check in network if the Header was applied as you expected.