AddContentSecurityPolicyButTrust(IEnumerable<String>,IEnumerable<String>,IEnumerable<String>,IEnumerable<String>,IEnumerable<String>,Boolean,Boolean,Boolean,FramesPolicy,Boolean) Method

Adds the content security policy but trust.

Syntax

public ISecurityHeadersBuilder AddContentSecurityPolicyButTrust( 
   IEnumerable<string> mediaSites,
   IEnumerable<string> scriptsSites,
   IEnumerable<string> imagesSites,
   IEnumerable<string> cssSites,
   IEnumerable<string> defaultSites,
   bool trustSelf,
   bool allowObjectSource,
   bool allowInline,
   FramesPolicy frames,
   bool reportOnly
)

Parameters

mediaSites: The media sites.
scriptsSites: The scripts sites.
imagesSites: The images sites.
cssSites: The CSS sites.
defaultSites: domains that are trusted by default
trustSelf: indicate you trust the hosting web service
allowObjectSource: if true it will merge self and default sites, else it will be disabled via policy
allowInline: if set to true then allow the in-line use of CSS JavaScript, this is not recommended but not allowed by default.
frames: The frames.
reportOnly: if true it will only report violations in the browser, the firewall however will detect the violation and will trigger the appropriate firewall rules for CSP violators as well as flag the user as such

Return Value

SecurityHeadersBuilder.

Requirements

Target Platforms: Windows 7, Windows Vista SP1 or later, Windows XP SP3, Windows Server 2008 (Server Core not supported), Windows Server 2008 R2 (Server Core supported with SP1 or later), Windows Server 2003 SP2

Reference

HeaderConfig Class
HeaderConfig Members
Overload List