CSP headers on Sitecore

  • Description

    Sitecore Client User Interface does not support Content Security Policy (CSP) headers out of the box due to the dependency on unsafe scripts (the EVAL function and inline Javascript). Customers can configure CSP headers on a Sitecore instance by themselves, but in such case, the CSP definition for Content Management (CM) instance should definitely allow unsafe-inline and unsafe-eval scripts for the mapped CM hostname(s).

Applies to:

CMS 6+

May 03, 2019
May 20, 2019

Reference number: