- Added layer of security in components accessed using a browser.
- Mitigate Cross-Site Scripting (XSS).
- Mitigate data injection attacks.
Enhance the security of the solution with Content Security Policy HTTP headers on web components.
EO.workspace uses Content-Security-Policy HTTP headers to help reduce Cross-Site Scripting (XSS) risks and other attacks in modern browsers by declaring how dynamic resources are allowed to load. These headers are present in the components that can be accessed by a browser (Web Client and Distributed Session Manager).
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross-Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft, to site defacement, to malware distribution.
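To confirm that a deployed header actually delivers this protection, an operator can audit the policy value a component returns. The following is an added example, not EO.workspace code: the function names and both sample policies are constructed for illustration and do not reflect the headers the product ships.

```python
# Added example: audit a Content-Security-Policy value for XSS-weakening settings.
WEAK_SOURCES = {"'unsafe-inline'", "'unsafe-eval'", "*", "data:", "http:", "https:"}
HASH_PREFIXES = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")

# Constructed sample policies (assumptions, not the product's actual headers).
STRICT = "default-src 'self'; script-src 'self' 'nonce-abc123'; object-src 'none'; base-uri 'self'"
WEAK = "default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval'"


def parse_csp(header_value):
    """Parse a CSP header value into {directive: [sources]}."""
    policy = {}
    for part in header_value.split(";"):
        tokens = part.strip().split()
        if not tokens:
            continue
        name = tokens[0].lower()
        if name not in policy:  # browsers ignore a repeated directive
            policy[name] = tokens[1:]
    return policy


def audit_csp(header_value):
    """Return a sorted list of findings; an empty list means nothing was flagged."""
    if not header_value or not header_value.strip():
        return ["missing: no Content-Security-Policy header"]
    policy = parse_csp(header_value)
    findings = []
    # script-src governs script loading; default-src is its fallback.
    governing = next((d for d in ("script-src", "default-src") if d in policy), None)
    if governing is None:
        findings.append("missing: neither script-src nor default-src is set")
    else:
        sources = [s.lower() for s in policy[governing]]
        has_nonce_or_hash = any(s.startswith(HASH_PREFIXES) for s in sources)
        for src in sources:
            if src == "'unsafe-inline'" and has_nonce_or_hash:
                continue  # ignored by browsers when a nonce or hash is present
            if src in WEAK_SOURCES:
                findings.append(f"weak: {governing} allows {src}")
    if "object-src" not in policy and "default-src" not in policy:
        findings.append("missing: object-src is not restricted")
    if "base-uri" not in policy:  # base-uri has no default-src fallback
        findings.append("missing: base-uri is not restricted")
    return sorted(findings)


if __name__ == "__main__":
    for label, value in (("strict", STRICT), ("weak", WEAK)):
        print(label, audit_csp(value))
```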