CSP Security managing
# help-with-umbracoj
jonroberts
10/30/2023, 8:31 AMWe have a multi site CMS using 12. Can anyone recommend the best way to manage CSP. It would be great to allow Admins to manage the list via the CMS but is this wise to do?
m
Matt Wise
10/30/2023, 8:35 AM#882981290662580264 might be of interest to you 🙂
Matt Wise
10/30/2023, 8:36 AMj
jonroberts
10/30/2023, 8:39 AMGreat - thanks. Will you be updating this up to 13 when it is out?
m
Matt Wise
10/30/2023, 8:46 AMas far as I am aware there is no breaking changes in 13 that will cause an issue, I will likely add.NET 8 build which will target it
j
jonroberts
10/30/2023, 8:53 AMGreat - thank you so much for sharing
jonroberts
10/30/2023, 9:28 AM@Matt Wise - can I ask a slightly sepereate question - how would you recommend adding Security Headers to the site? There is the Middleware approach or we could include a webconfig to the site and add them to the httpProtocol section. We seem to have better luck going down the webconfig - but I wanted to ask you in case you had a better way to do this. I hope you don't mind me asking
m
Matt Wise
10/30/2023, 9:36 AMIf your hosting supports the web.config it makes sense as then IIS for example handles it instead of your code
j
jonroberts
10/30/2023, 9:55 AMGreat - thanks
2 Views