Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

CM 8.x Query

Status
Not open for further replies.

msk69

MIS
May 29, 2020
335
PK
Hi we have latest CM release installed on VM machine with latest update patches. From our IT security team we get a warning message as mention below
After security assesment of CM we found below warning

"Missing or insecure "Content-Security-Policy" header "
As par security survey Config your server to use the "Content-Security-Policy" header with secure policies.

Can some body help in this?
 
I'd ask them why they see it as a risk.

I know there is a specific option in AADS to disable permissions for cross site scripting (XSS) which does generate the header but don't know if it's available in SMGR etc.

Not sure if Avaya will have any guides for adding a CSP header to the SMGR web server, you may need to raise a ticket with them.


Biglebowskis Razor - with all things being equal if you still can't find the answer have a shave and go down the pub.
 
Hi biglebowski,

This warning msg coming from communication Manager. Anymore advise??
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top