Article - CS407954
Content Security Policy (CSP) headers support in ThingWorx Platform
Modified: 02-Sep-2024
Applies To
- ThingWorx Platform 9.3 to 9.5
Description
- Requests to ThingWorx from or through Nginx are showing the wrong requests headers for Content Security Policy (CSP) when accessing the base, “/ThingWorx”, or “index.html” page
- How can the "/ThingWorx" page/extension show the intended "default-src" instead of "frame-ancestors" ?
- Unable to configure Content-Security-Policy: default-src 'self' HTTP security header in ThingWorx
- Information regarding implementing Content Security Policy (CSP) in ThingWorx Platform
This is a printer-friendly version of Article 407954 and may be out of date. For the latest version click CS407954