Issue with CSP set as '*' yet still blocking content
Application Type
Traditional Web, Reactive
Platform Version
11.10.4 (Build 29616)

Keeping things simple here, we are having issues in our Production environment where the CSP set in Lifetime appear to not be applying correctly, in that despite both "font-src" and "img-src" directives being set to "*" we are seeing fonts and images being blocked, resulting in massive error log spam (10k entries per week currently). In the web browser, the web request shows the correct values of "font-src: *; img-src: * blob;" yet there are still errors showing that fonts and images are being blocked due to CSP. Really not sure why the CSP that are defined are not what's being reflected by the behavior of the app. No other CSP are defined on the IIS server or on any of the specific applications.

Hi Alexander,

Is it possible for you to share the screen shot CSP values in response headers same as below

Best Regards


Community GuidelinesBe kind and respectful, give credit to the original source of content, and search for duplicates before posting.