AddContentSecurityPolicyButTrust(IEnumerable<String>,IEnumerable<String>,IEnumerable<String>,IEnumerable<String>,IEnumerable<String>,Boolean,Boolean,Boolean,FramesPolicy,Boolean) Method

Adds the content security policy but trust provided configurations (browser only).

Syntax

ISecurityHeadersBuilder AddContentSecurityPolicyButTrust( 
   IEnumerable<string> mediaSites,
   IEnumerable<string> scriptsSites,
   IEnumerable<string> imagesSites,
   IEnumerable<string> cssSites,
   IEnumerable<string> defaultSites,
   bool trustSelf,
   bool allowObjectSource,
   bool allowInline,
   FramesPolicy frames,
   bool reportOnly
)

Parameters

mediaSites: The media sites.
scriptsSites: The scripts sites.
imagesSites: The images sites.
cssSites: The CSS sites.
defaultSites: domains that are trusted by default
trustSelf: Indicates that you trust the hosting site (default)
allowObjectSource: if true it may merge 'self' if trustSelf is set and default sites are populated, else it will be disabled via policy
allowInline: if set to true then allow the in-line use of CSS JavaScript.
frames: The frames.
reportOnly: if true it will only report violations in the browser, the firewall however will detect the violation and will trigger the appropriate firewall rules for CSP violators as well as flag the user as such

Return Value

SecurityHeadersBuilder.

Remarks

Content can be filtered when CSP violations have been detected post rendering after a browser reports it. Please note that malicious bots do not care about CSP policies and will use it to attack your site using exactly these policies that you think you're protecting against.

Requirements

Target Platforms: Windows 7, Windows Vista SP1 or later, Windows XP SP3, Windows Server 2008 (Server Core not supported), Windows Server 2008 R2 (Server Core supported with SP1 or later), Windows Server 2003 SP2

Reference

ISecurityHeadersBuilder Interface
ISecurityHeadersBuilder Members
Overload List