Details
-
Suggestion
-
Resolution: Unresolved
-
None
-
None
Description
Problem Definition
Currently there is no option to configure the Content Security Policy in Crowd. This can cause issues for some customers that may want to update directives such as the default-src directive.
Suggested Solution
As a Crowd admin, I would like to be able to configure the Content Security Policy to control the resources the user agent is allowed to load and help guard against cross-site scripting attacks.