Forum Discussion

Tal_Luzon
Nov 17, 2019

Bot defense adds CSP and breaks application

When using bot defense (v14.1.2.1), a CSP (Content-Security-Policy) header is added with "script-src 'self' 'nonce-s3u4r9SWBL0Pi3M9jlb46Jv';".

 

I couldn't find a way to get rid of this behavior. Do you know of one?

If there isn't a way, I'd like to try to remove this string.

 

How do I use regex groups to remove only this string, as the CSP has additional properties?

I want to replace this:

Content-Security-Policy: script-src 'self' 'nonce-s3u4r9SWBL0Pi3M9jlb46Jv'; frame-ancestors 'self' www.mysite.com

with this:

Content-Security-Policy: frame-ancestors 'self' www.mysite.com

 

Something like using:

(script-src 'self' '.*'; )(frame-ancestors 'self' .*)

 

and replace it with only the second group of the regex match.

 

Thanks!
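
An added example, not part of the original post and not F5 code: the rewrite asked about above, sketched in Python to show the matching logic only. It compares the pattern from the post with a directive-by-directive filter that removes just a `script-src 'self' 'nonce-…'` directive and leaves every other directive untouched. The function names are hypothetical, the sample values are constructed from the post, and a single policy per header value is assumed.

```python
import re

# Constructed sample: the header value quoted in the post.
SAMPLE = ("script-src 'self' 'nonce-s3u4r9SWBL0Pi3M9jlb46Jv'; "
          "frame-ancestors 'self' www.mysite.com")

# Matches one whole directive that is exactly: script-src 'self' 'nonce-<base64>'.
# Anchored at both ends so an application's own script-src is never matched.
INJECTED = re.compile(r"^script-src\s+'self'\s+'nonce-[A-Za-z0-9+/_=-]+'$", re.I)


def strip_injected_script_src(csp_value):
    """Drop only the nonce-bearing script-src directive; keep the rest in order."""
    kept = []
    for directive in csp_value.split(";"):   # ';' separates CSP directives
        directive = directive.strip()
        if directive and not INJECTED.match(directive):
            kept.append(directive)
    return "; ".join(kept)


def post_regex_version(csp_value):
    """The pattern from the post, replaced by its second group, for comparison."""
    pattern = r"(script-src 'self' '.*'; )(frame-ancestors 'self' .*)"
    return re.sub(pattern, r"\2", csp_value)


if __name__ == "__main__":
    cases = [
        SAMPLE,
        # Constructed: another directive sits between the two; the greedy '.*'
        # in the post's pattern swallows img-src along with script-src.
        "script-src 'self' 'nonce-abc123'; img-src 'self'; "
        "frame-ancestors 'self' www.mysite.com",
        # Constructed: directives in the other order; the post's pattern
        # does not match at all, so nothing is removed.
        "frame-ancestors 'self' www.mysite.com; script-src 'self' 'nonce-abc123'",
    ]
    for value in cases:
        print("input :", value)
        print("regex :", post_regex_version(value))
        print("split :", strip_injected_script_src(value))
```
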