The “Content-Security-Policy” header is designed to modify the way browsers render pages, and thus to protect from various cross-site injections, including Cross-Site Scripting. It is important to set the header value correctly, in a way that will not prevent proper operation of the web site. For…

Add "Content-Security-Policy" header

kirkpabk (Brian Kirkpatrick) November 9, 2020, 1:01pm 7

@sonarsourcers, any update on the CSP Header? In particular, adding some of the more “safe” representations such as

Content-Security-Policy: frame-ancestors ‘self’

seem prudent. There may be others.

Topic		Replies	Views
CSP headers configuration for SonarQube with SSL through IIS reverse proxy SonarQube Server / Community Build sonarqube , iis	3	1768	May 25, 2023
XSS Attack Prevention SonarQube Server / Community Build	5	2250	May 2, 2019
Validating http security headers for SonarQube 7.x.x SonarQube Server / Community Build security	2	791	August 3, 2020
Require technical details for SonarQube 7.9.1 LTS (mentioned in Description below) SonarQube Server / Community Build	0	617	November 5, 2020
Bootstrap blocked by csp Plugin Development	3	725	March 31, 2023