Hi everyone,
has anyone set some custom value in any part of the AEMaaCS dispatcher configuration?
We've been dealing with this for many months, but it appears that one can apply one's own filters, rewrite_rules, caching... but nothing happens with values added to /custom_farm.any & customo.vhost! It's very frustrating!
For example, we just need to add the following header:
Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; script-src 'self' www.google-analytics.com ajax.googleapis.com;"
And following the official docs, we added the following value to our .vhost file:
...
<IfModule mod_headers.c>
Header add X-Vhost "customTestVHost"
Header add Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; script-src 'self' www.google-analytics.com ajax.googleapis.com;"
</IfModule>
...
We tried using Header set, Header always append...nothing!
I underline that we also changed a value that we can usually see in every header (X-Vhost), just to see if our changes were digested... nothing! Network tracking always shows the default Response Headers! Even the VHost, as you can see, remains the one in default.vhost... but the build logs show that it always went well, and we get the same results validating the dispatcher locally! It's really frustrating... What are we doing wrong? Does anyone have a suggestion?
Regards
Use Header always set to add Content-Security-Policy header as below in VHost file
<IfModule mod_headers.c>
Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; script-src 'self' www.google-analytics.com ajax.googleapis.com;"
</IfModule>
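The policy string used in this thread names script-src twice. Under CSP Level 3 parsing a browser keeps only the first occurrence of a directive, so the second source list never takes effect. The following is an added example, not code from the posts (the function names parse_csp and lint_csp are illustrative), that parses the header value the same way and reports what is dropped and which directives allow 'unsafe-inline' or 'unsafe-eval':

```python
# Added example: CSP parsing per the CSP Level 3 rule that a repeated
# directive name is ignored (the first occurrence wins).
RISKY = {"'unsafe-inline'", "'unsafe-eval'"}


def parse_csp(value):
    """Return (effective, ignored): effective maps directive -> source list,
    ignored lists (directive, sources) pairs a browser drops as duplicates."""
    effective, ignored = {}, []
    for token in value.split(";"):
        parts = token.split()
        if not parts:
            continue  # empty token, e.g. after a trailing ';'
        name, sources = parts[0].lower(), parts[1:]
        if name in effective:
            ignored.append((name, sources))
        else:
            effective[name] = sources
    return effective, ignored


def lint_csp(value):
    """Return human-readable findings for one policy string."""
    effective, ignored = parse_csp(value)
    findings = []
    for name, sources in ignored:
        lost = [s for s in sources if s not in effective[name]]
        findings.append(f"duplicate {name} ignored; sources never applied: {lost}")
    for name, sources in effective.items():
        risky = sorted(RISKY.intersection(sources))
        if risky:
            findings.append(f"{name} allows {risky}")
    return findings


# Policy string copied from the thread.
THREAD_POLICY = (
    "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; "
    "style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; "
    "script-src 'self' www.google-analytics.com ajax.googleapis.com;"
)

if __name__ == "__main__":
    for finding in lint_csp(THREAD_POLICY):
        print(finding)
```

Merging the two script-src lists into a single directive is what makes the listed hosts part of the enforced policy.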
Can you try the following ways?
<VirtualServer>
~Bits of important stuff here~
<IfModule headers_module>
RequestHeader set X-HTTPS 1
Header set Content-Security-Policy "default-src 'self' 'unsafe-inline' www.blackhillsinfosec.com fonts.googleapis.com;"
</IfModule>
~more bits of important stuff~
</VirtualServer>
2. HTML meta tags in page properties.
<meta http-equiv="Content-Security-Policy" content="script-src 'self'">
Hi guys, thanks for both the answers, very precious, we solved the issue
Regards