Content Security Policy
Description
A Content Security Policy (CSP) is a security feature that helps prevent cross-site scripting (XSS), clickjacking, and other code injection attacks by controlling which resources a web page is allowed to load. It works by specifying a set of rules (via HTTP headers or meta tags) that define trusted sources for content like JavaScript, CSS, images, fonts, and more.
By restricting where content can be loaded from, CSP helps ensure that only safe, expected resources are used—reducing the risk of malicious code execution.
LogicNets Mandatory CSP
In LogicNets Release version 8.3 and later, the System Configuration package contains LogicNets mandatory CSP items. These are set to read-only and cannot be edited.
Your Custom CSP
In addition, you can add your own CSP terms by clicking on the ADD icon (highlighted green) to the far right of the custom table. Enter the directive reference and value in the grid (highlighted yellow).
Earlier Versions of LogicNets CSP
In earlier versions of LogicNets (Release 8.2 and before), the CSP is written as placeholder text that can be fully modified.
Copy the default CSP from here, and make edits and additions as required.
default-src 'self'; script-src 'self' www.gstatic.com www.google.com www.googletagmanager.com www.google-analytics.com www.googleadservices.com http://localhost:41666 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' validator.swagger.io www.google.com 'unsafe-inline' www.google-analytics.com https://googleads.g.doubleclick.net https://code.highcharts.com data: blob: ; connect-src 'self' www.google-analytics.com www.googletagmanager.com http://localhost:41666; frame-src 'self' www.google.com https://login.microsoftonline.com/; font-src 'self' fonts.gstatic.com;
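A small audit you can run over the default policy, or your edited copy, before saving it. This is an added example, not LogicNets code; the function names `parseCsp` and `auditCsp` and the choice of checks are assumptions of this example, and the findings are items to review rather than errors.

```javascript
// Added example (not LogicNets code): list review items in a CSP string.
// DEFAULT_CSP is the Release 8.2 default policy copied from this page.
const DEFAULT_CSP = [
  "default-src 'self'",
  "script-src 'self' www.gstatic.com www.google.com www.googletagmanager.com www.google-analytics.com www.googleadservices.com http://localhost:41666 'unsafe-inline' 'unsafe-eval'",
  "style-src 'self' 'unsafe-inline' fonts.googleapis.com",
  "img-src 'self' validator.swagger.io www.google.com 'unsafe-inline' www.google-analytics.com https://googleads.g.doubleclick.net https://code.highcharts.com data: blob:",
  "connect-src 'self' www.google-analytics.com www.googletagmanager.com http://localhost:41666",
  "frame-src 'self' www.google.com https://login.microsoftonline.com/",
  "font-src 'self' fonts.gstatic.com",
].join("; ") + ";";

// Split a policy into a Map of directive name -> list of source expressions.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue; // empty segment, e.g. after a trailing ';'
    const name = tokens[0].toLowerCase();
    // Browsers ignore a repeated directive, so only the first one is kept.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Return human-readable review items for a policy (hypothetical helper).
function auditCsp(policy) {
  const d = parseCsp(policy);
  const findings = [];
  // script-src falls back to default-src when it is absent.
  const scripts = d.get("script-src") || d.get("default-src") || [];
  for (const kw of ["'unsafe-inline'", "'unsafe-eval'"]) {
    if (scripts.includes(kw)) findings.push(`script-src allows ${kw}`);
  }
  for (const [name, sources] of d) {
    for (const s of sources) {
      if (s.toLowerCase().startsWith("http://")) findings.push(`${name} lists non-HTTPS source ${s}`);
    }
    // 'unsafe-inline' only has meaning for script, style and default directives.
    if (!/^(default|script|style)-src/.test(name) && sources.includes("'unsafe-inline'")) {
      findings.push(`${name}: 'unsafe-inline' has no effect in this directive`);
    }
  }
  // These directives do not inherit from default-src, so absence means unrestricted.
  for (const name of ["base-uri", "form-action", "frame-ancestors"]) {
    if (!d.has(name)) findings.push(`${name} is not set (no default-src fallback)`);
  }
  return findings;
}

console.log(auditCsp(DEFAULT_CSP).join("\n"));
```

In Release 8.3 and later, the same function can be given the custom directives you plan to add, joined with semicolons, to review them before entering them in the grid.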
Additional Information
For more information on Content Security Policies in general, see https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP.