SAP Knowledge Base Article - Preview

3008779 - Neo Fiori Portal Missing HTTP Header Content Security Policy (CSP)

Symptom

To increase the security of the web applications, some HTTP headers can be used to instruct the browser to follow certain rules. This may prevent attacks or make them more difficult to execute.

CSP HTTP header should be evaluated to be included in the web application.

Content Security Policy
CSP is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross-Site Scripting (XSS) and data injection attacks. These attacks are used for various purposes such as data theft, site defacement, distribution of malware, etc.


Read more...

Environment

SAP Cloud Platform

Product

SAP Cloud Platform 1.0 ; SAP Cloud Platform Launchpad 1.0 ; SAP HANA, platform edition 2.0

Keywords

KBA , CA-FLP-FE-AI , Fiori Launchpad Application Integration , BC-NEO-RT-HTML5 , Runtime HTML5 Applications , How To

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.