AddContentSecurityPolicyButTrust(TrustingSites,String[],Boolean,FramesPolicy,Boolean) Method

Determine what to trust, if only your own domain or those you flag trustworthy, and if external images or scripts are allowed to be injected

Syntax

ISecurityHeadersBuilder AddContentSecurityPolicyButTrust( 
   TrustingSites trustingSites,
   string[] additional,
   bool allowInline,
   FramesPolicy framesPolicy,
   bool reportOnly
)

Parameters

trustingSites: the list of sites you like to trust
additional: additional dost sources
allowInline: AllowRaiseIncident in-line css and script, not advisable as it brakes security but sometimes needed
framesPolicy: the frame policy used
reportOnly: if true it will only report violations in the browser, the firewall however will detect the violation and will trigger the appropriate firewall rules for CSP violators as well as flag the user as such

Return Value

returns the SecurityHeadersBuilder for continuance

Remarks

Content can be filtered when CSP violations have been detected post rendering after a browser reports it. Please note that malicious bots do not care about CSP policies and will use it to attack your site using exactly these policies that you think you're protecting against.

Requirements

Target Platforms: Windows 7, Windows Vista SP1 or later, Windows XP SP3, Windows Server 2008 (Server Core not supported), Windows Server 2008 R2 (Server Core supported with SP1 or later), Windows Server 2003 SP2

Reference

ISecurityHeadersBuilder Interface
ISecurityHeadersBuilder Members
Overload List