CM 8.x Query

[msk69]

Hi we have latest CM release installed on VM machine with latest update patches. From our IT security team we get a warning message as mention below
After security assesment of CM we found below warning

"Missing or insecure "Content-Security-Policy" header "
As par security survey Config your server to use the "Content-Security-Policy" header with secure policies.

Can some body help in this?

 

[biglebowski]

I'd ask them why they see it as a risk.

I know there is a specific option in AADS to disable permissions for cross site scripting (XSS) which does generate the header but don't know if it's available in SMGR etc.

Not sure if Avaya will have any guides for adding a CSP header to the SMGR web server, you may need to raise a ticket with them.


Biglebowskis Razor - with all things being equal if you still can't find the answer have a shave and go down the pub.

 

[msk69]

Hi biglebowski,

This warning msg coming from communication Manager. Anymore advise??