{"id":2773,"date":"2019-04-08T19:39:42","date_gmt":"2019-04-08T14:09:42","guid":{"rendered":"https:\/\/www.idslogic.com\/blog\/?p=2773"},"modified":"2025-02-24T18:32:06","modified_gmt":"2025-02-24T13:02:06","slug":"how-to-configure-the-security-policies-and-http-response-headers","status":"publish","type":"post","link":"https:\/\/www.idslogic.com\/blog\/how-to-configure-the-security-policies-and-http-response-headers","title":{"rendered":"How to Configure the Security Policies and HTTP Response Headers"},"content":{"rendered":"

In this section, we will show how to configure Sitefinity CMS that comes with a set of predefined security policies. The Web security module reads the configuration for each security policy and sets the value of the corresponding HTTP response headers. This feature is upgraded to\u00a0Sitefinity versions\u00a011.0 and above.<\/span><\/p>\n

When configuring the security policy for Sitefinity CMS website, you can define the\u00a0Content-Security-Policy HTTP response header for different types of content. The value of the\u00a0Content-Security-Policy\u00a0contains one or more directives that define the valid sources for each type of content. <\/span><\/p>\n

When setting the Content-Security-Policy HTTP header, Sitefinity backend stopped working, issuing some errors in the JavaScript console on the browser.<\/span><\/p>\n

Follow These Steps to Fetch Records that are Given Below:<\/strong><\/span><\/p>\n

Step 1:<\/strong> <\/span>Go to the Administration >> Modules & Services<\/strong><\/span> and check if the Web Security module<\/strong><\/span> is activated or deactivated. If the Web Security module<\/strong><\/span> is deactivated, then first activate this module, after that, follow these steps to configure external resources on the website.<\/span><\/p>\n

\n

Step 2: <\/strong><\/span>Navigate\u00a0to Administration \u00bb Settings \u00bb Advanced \u00bb WebSecurity \u00bb HttpSecurityHeaders \u00bb Response Headers \u00bb Content-Security-Policy<\/strong><\/span><\/span><\/p>\n

Your default configuration displays like this.<\/span><\/p>\n

\"step
Image Source: progress.com<\/figcaption><\/figure>\n
\n

Step 3:<\/strong> <\/span>Now we have to implement a demo for an external image.<\/span><\/p>\n

Image source in HTTP header value will display like this \u2018img-src ‘self\u2019<\/strong><\/span><\/span><\/p>\n

\"step
Source: progress.com<\/figcaption><\/figure>\n
\n

Step 4:<\/strong> <\/span>Now check on Frontend, the images are not loaded properly because there are Content Security Policy directive: “img-src ‘self’ error.<\/em><\/strong><\/span><\/span><\/p>\n

To fix this error, please follow Step 5<\/strong><\/span> as given below:<\/span><\/p>\n

\"step
source progress.com<\/figcaption><\/figure>\n
\n

Step 5:<\/span><\/strong><\/span> Navigate\u00a0to Administration \u00bb Settings \u00bb Advanced \u00bb WebSecurity \u00bb HttpSecurityHeaders \u00bb Response Headers \u00bb Content-Security-Policy<\/strong><\/span><\/span><\/p>\n

Add the domain name (like as:<\/em> https:\/\/freeiconshop.com<\/em><\/strong><\/span>)<\/em> to the right after “img-src ‘self’<\/em><\/strong><\/span><\/span><\/p>\n

\n

Step 6:<\/strong> <\/span>After adding the domain Image source in HTTP header value will display like this<\/span><\/p>\n

\u2018<\/strong>img-src ‘self\u2019 https:\/\/freeiconshop.com\/ *<\/strong><\/span><\/p>\n

\"step
source: progress.com<\/figcaption><\/figure>\n
\n

Step 7<\/strong>:<\/span> After Save changes in the HTTP header value images loaded perfectly.<\/span><\/p>\n

\"How-to-Configure-the-Security-Policies-and-HTTP-Response-Headers\"<\/a><\/p>\n

Also Read:<\/strong><\/span>\u00a0Get to Know the Latest Features of Sitefinity 11.2 Release<\/span><\/a><\/span><\/p>\n

Contributed By:<\/strong><\/span><\/p>\n

Arunodaya Kumar<\/p>\n","protected":false},"excerpt":{"rendered":"

In this section, we will show how to configure Sitefinity CMS that comes with a set of predefined security policies. The Web security module reads the configuration for each security policy and sets the value of the corresponding HTTP response…<\/p>\n","protected":false},"author":1,"featured_media":2779,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[251],"tags":[799,798,226],"class_list":["post-2773","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-sitefinity","tag-http-response-headers","tag-sitefinity-cms-security","tag-sitefinity-development"],"post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/www.idslogic.com\/blog\/wp-json\/wp\/v2\/posts\/2773","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.idslogic.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.idslogic.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.idslogic.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.idslogic.com\/blog\/wp-json\/wp\/v2\/comments?post=2773"}],"version-history":[{"count":5,"href":"https:\/\/www.idslogic.com\/blog\/wp-json\/wp\/v2\/posts\/2773\/revisions"}],"predecessor-version":[{"id":10681,"href":"https:\/\/www.idslogic.com\/blog\/wp-json\/wp\/v2\/posts\/2773\/revisions\/10681"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.idslogic.com\/blog\/wp-json\/wp\/v2\/media\/2779"}],"wp:attachment":[{"href":"https:\/\/www.idslogic.com\/blog\/wp-json\/wp\/v2\/media?parent=2773"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.idslogic.com\/blog\/wp-json\/wp\/v2\/categories?post=2773"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.idslogic.com\/blog\/wp-json\/wp\/v2\/tags?post=2773"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}