Hi All,
In one of my application I need to Hide/remove unsafe-inline, unsafe-eval and Server version from response header
I need help to achieve the same
Regards
Shashikant Shukla
Hi Shashikant,
If I'm not mistaken the unsafe-inline and unsafe-eval are automatically added by the platform when you configure the Content Security Policy via LifeTime security settings. I'm not sure if there's a way to remove them.
The Server version header you can remove by changing the web.config file either directly in IIS (for On-Premises environments only) or by using Factory Configuration tool.
More info: Remove Server Header in IIS 10.0
If you are on OutSystems Cloud, you would only have the option to use Factory Configuration tool in order to change the web.config file.
Hope this helps!
Regards,
Nordin
Hi Nordin,
Thank you for your input.
I am having OutSystems Cloud so can you please help me how I can do it using Factory Configuration tool.
Thanks in advance.
Hi Shashi,
Were you able to remove unsafe-eval and unsafe-inline using factory configuration?