CSP (Content Security Policy) for Web Applications

To help you secure your web pages, Visual LANSA supports the Content Security Policy (CSP) standard.

CSP prevents cross-site scripting (XSS), clickjacking and other code injection attacks resulting from execution of malicious content in the trusted web page context using a whitelist of sources of trusted content in web page HTTP headers.

The Content Security Policy external resources are created in the Partition CSP folder. LANSA ships three sample Content Security Policy samples (xStrict, xMedium and xLow) with descending level of restrictions. Use these samples as a starting point for creating your own Content Security Policy files.

CSP resources can be associated with either Visual LANSA Web pages or WAMs.

Editing CSP Files