Does Oracle HTTP Server Support Content Security Policy (CSP) Content-Security-Policy-Report-Only Header and report-uri Header Value
(Doc ID 2698559.1)
Last updated on SEPTEMBER 11, 2023
Applies to:
Oracle HTTP Server - Version 11.1.1.2.0 and later
Information in this document applies to any platform.
Goal
Explain Oracle HTTP Server's role in Content-Security-Policy (CSP) usage, using the following two questions as examples.
Does OHS support the "report-uri" directive of CSP? e.g.
Header set Content-Security-Policy: "default-src 'self'; report-uri /<APP_NAME>"
Header set Content-Security-Policy: "default-src 'self'; report-uri https://<FQDN>/<APP_NAME>"
Does OHS support the CSP Report Only header "Content-Security-Policy-Report-Only"? e.g.
Header set Content-Security-Policy-Report-Only: "default-src 'self'; report-uri /<APP_NAME>"
Solution