To improve security, the process portal includes a configuration parameter that prevents cross-site scripting (XSS) and other browser-based attacks. This configuration parameter is used to enable or disable predefined external policy directives.
This web server configuration is one way to implement the Content Security Policy (CSP) defense measure. The advantage of this security standard is that the browser is given rules that specify which scripts the software is allowed to load and which it is not.
Policy directives currently predefined in the process portal:
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.mapbox.com .etask.de alcdn.msftauth.net login.microsoftonline.com wss://.etask.de;
You can find the relevant configuration parameters CONTENTSECURITYPOLICY and CONTENTSECURITYPOLICYAKTIV under Control Panel - Portal Options - System Configuration.
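The following Python code is an added example, not part of the portal or its documentation. It parses the predefined policy shown above and lists the sources that weaken its protection for script loading; this is useful to run before and after changing CONTENTSECURITYPOLICY. The function names are hypothetical, and the fallback from script-src to default-src follows the CSP standard.

```python
# Added example: audit a Content-Security-Policy value for sources that
# weaken its XSS protection. All function names here are hypothetical.

# The predefined policy exactly as printed on this page.
PORTAL_POLICY = (
    "default-src 'self' 'unsafe-inline' 'unsafe-eval' "
    "data: blob: *.mapbox.com .etask.de alcdn.msftauth.net "
    "login.microsoftonline.com wss://.etask.de;"
)

# Sources that let injected markup or strings run as script.
RISKY = {
    "'unsafe-inline'": "inline <script> blocks and event handlers are allowed",
    "'unsafe-eval'": "eval() and similar string-to-code calls are allowed",
    "data:": "data: URLs can be loaded as script",
    "blob:": "blob: URLs can be loaded as script",
    "*": "any host may serve script",
}


def parse_csp(policy):
    """Split a policy into {directive: [sources]}; the first duplicate wins."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives


def effective_sources(directives, name):
    """Fetch directives such as script-src fall back to default-src."""
    return directives.get(name, directives.get("default-src"))


def audit_script_policy(policy):
    """Return (source, reason) findings for whatever governs script loading."""
    sources = effective_sources(parse_csp(policy), "script-src")
    if sources is None:
        return [("(none)", "no script-src or default-src: scripts unrestricted")]
    findings = [(s, RISKY[s.lower()]) for s in sources if s.lower() in RISKY]
    findings += [(s, "wildcard host: every subdomain may serve script")
                 for s in sources if s.startswith("*.") or "://*." in s]
    return findings


if __name__ == "__main__":
    for source, reason in audit_script_policy(PORTAL_POLICY):
        print(f"{source:18} {reason}")
```

For the predefined policy, the audit reports 'unsafe-inline', 'unsafe-eval', data:, blob: and the *.mapbox.com wildcard, because no separate script-src directive narrows what default-src allows.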