+1
Pending Review

Ability to configure a Content Security Policy (CSP)

Mandy Breedlove 4 years ago updated by Justin Mirsky 4 months ago 3

Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement to distribution of malware.

We need this to be added so we can sleep better at night.

Custom headers, including the CSP headers, can be defined within the Security Toolkit extension.

I would like to add on to this feature request. The ScreenConnect application utilizes a lot of in-line scripts and as of today, it is recommended by support that we use the "unsafe-inline" option with the CSP, which basically makes it worthless. The application needs to be written with security in mind; if that means that its functions need to be updated so it is not using in-line scripts, then that is what is needed. This is a highly privileged platform; there should be no compromise when it comes to security.
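Added example, not part of the thread above and not ConnectWise code: a small JavaScript check that reads a CSP header value and reports whether inline `<script>` blocks can still run, which is the effect of `'unsafe-inline'` discussed in the last comment. The function names and the sample policies are constructed for illustration, and it assumes a single policy evaluated under CSP Level 3 rules.

```javascript
// Added example. Sample policies are constructed, not ScreenConnect's headers.
// Assumes one policy (no comma-joined headers) and CSP Level 3 semantics.

function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored: the first occurrence wins.
    if (!policy.has(name)) policy.set(name, tokens.slice(1));
  }
  return policy;
}

const NONCE_OR_HASH = /^'(nonce|sha256|sha384|sha512)-[A-Za-z0-9+/_=-]+'$/i;

// Returns 'allowed', 'nonce-or-hash-only' or 'blocked' for inline <script>.
function inlineScriptVerdict(header) {
  const policy = parseCsp(header);
  // Fallback chain for script elements.
  const sources = policy.get('script-src-elem')
    ?? policy.get('script-src')
    ?? policy.get('default-src');
  if (sources === undefined) return 'allowed'; // nothing governs scripts

  const has = (kw) => sources.some((s) => s.toLowerCase() === kw);
  const hasNonceOrHash = sources.some((s) => NONCE_OR_HASH.test(s));

  // 'unsafe-inline' is ignored when a nonce, a hash or 'strict-dynamic'
  // is present in the same source list.
  if (has("'unsafe-inline'") && !hasNonceOrHash && !has("'strict-dynamic'")) {
    return 'allowed';
  }
  return hasNonceOrHash ? 'nonce-or-hash-only' : 'blocked';
}

const samples = [
  "default-src 'self'; script-src 'self' 'unsafe-inline'",
  "default-src 'self'; script-src 'self' 'nonce-r4nd0mValue' 'unsafe-inline'",
  "default-src 'self'",
  "img-src *",
];
for (const s of samples) console.log(inlineScriptVerdict(s).padEnd(20), s);
```

A verdict of `allowed` means an injected inline script would execute under that policy, so the header gives no XSS protection for inline code.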