Forum Discussion
iRule for Content Security Policy
Hey Guys, hope everyone is well and having a good day.
I'm looking for some help with an iRule that allows me to enable Content Security Policy on a Virtual Server.
Whenever I apply the following, the website breaks (i.e. images don't load, formatting is skewed, etc):
if {!([HTTP::header exists "Content-Security-Policy"])} {
    HTTP::header insert Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self'; font-src 'self'; img-src 'self'; frame-src 'self'; upgrade-insecure-requests"
}
I've attached the error that is thrown up by the web server when the above is applied. Based on the error, I was thinking of adding 'unsafe-inline' to my iRule in an attempt to relax the policy.
Does anyone have any experience of applying such a rule? I would be very grateful for any assistance.
Thank you
- zamroni777 Nacreous
That error is the browser's error message, isn't it?
When you configure F5 to modify the application layer, you need to coordinate with the app developer team to ensure a correct result.
Unless the app developer moves inlined CSS to a separate CSS file, you should not use such CSP header values.
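
An added example, not part of the original thread: a Python sketch that inventories the inline content in a page that the posted `script-src 'self'; style-src 'self'` policy blocks, which is the list to take to the app developers. The sample HTML and the names `InlineFinder` and `inventory` are constructed for illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser

class InlineFinder(HTMLParser):
    """Collects inline content that script-src 'self' / style-src 'self' blocks."""
    def __init__(self):
        super().__init__()
        self.findings = []   # list of (kind, detail)
        self._open = None    # 'script' or 'style' while inside an inline block
        self._buf = []

    def handle_starttag(self, tag, attrs):
        names = [name for name, _ in attrs]
        if tag == "style" or (tag == "script" and "src" not in names):
            self._open, self._buf = tag, []
        for name in names:
            if name == "style":
                # Hash sources do not cover style attributes unless
                # 'unsafe-hashes' is set; these belong in a stylesheet.
                self.findings.append(("style-attr", f"<{tag} style=...>"))
            elif name.startswith("on"):
                # Inline event handlers (onclick, onload, ...).
                self.findings.append(("event-handler", f"<{tag} {name}=...>"))

    def handle_data(self, data):
        if self._open:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == self._open:
            body = "".join(self._buf).encode("utf-8")
            digest = base64.b64encode(hashlib.sha256(body).digest()).decode()
            # A CSP hash source that would allow exactly this block.
            self.findings.append((f"inline-{tag}", f"'sha256-{digest}'"))
            self._open = None

def inventory(html):
    """Return the inline items found in html, in document order."""
    finder = InlineFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page, not taken from the poster's site.
SAMPLE = """<html><head><style>body { margin: 0; }</style>
<script src="/js/app.js"></script><script>console.log("hi");</script>
</head><body><p style="color: red" onclick="go()">x</p></body></html>"""

if __name__ == "__main__":
    for kind, detail in inventory(SAMPLE):
        print(f"{kind:14} {detail}")
```

Each `inline-style` or `inline-script` entry can either be moved to a file served from the same origin or allowed by adding its hash source to the matching directive; `style-attr` and `event-handler` entries need a code change in the application.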