Configuring the content security policy
A content security policy is a type of security provided through the HTTP response header. It specifies the uniform resource locators from where web page resources such as frames, images, and stylesheets are loaded. It helps to prevent common web vulnerabilities such as code injection and cross-site scripting. If you do not define this policy then the browser loads page resources that might have malicious content. For more information about content security policy, see Content security policies
If your Chat implementation uses the Pega cloud collaboration services, update your Pega application to use the AllowPegaCollaborationServices content security policy. For more information on Pega cloud collaboration services, see Pega Cloud Collaboration Services.
- Log in to Dev Studio by entering your administrator credentials.
- Click the Application menu > Definition.
- On the Integrity & security tab, in the Policy name list, select AllowPegaCollaborationServices.
- Click Save.
Previous topic Configuring the chat server in Pega Customer Service Next topic Cross-Site Request Forgery (CSRF)