Optimizely Customer Feedback

Workspace Content Cloud
Categories Forms
Created by Guest
Created on Jan 20, 2021

Make EpiServer Forms compatible with Content Security Policy (without 'unsafe-*')

Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement to distribution of malware.

The current version of EpiServer Forms is not compatible with Content Security Policy (without 'unsafe-*').

This requires us to change EpiServer Form Element to follow directives from our IT-Security department.

Please remove/replace all inline CSS and JavaScript required to run EpiServer Forms.

Documentation:

https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/default-src

  • Guest
    Aug 28, 2021

    @Guest: get in contact with the IT-department at the Swedish Police, they can give you more info on what they have done for polisen.se

  • Guest
    Jul 21, 2021

    @Guest, I'm definitely interested in workarounds for this issue.

  • Guest
    Apr 27, 2021

    Let me know if you want to know how we have done it. Maybe something can be learned from it.

  • Admin
    Martin Ottosen
    Apr 19, 2021

    Thanks for bringing this up! Agree this is a good idea, we will explore what possible solutions can be found.

  • Guest
    Apr 6, 2021

    This would definitely help us A LOT! I agree with the previous comment.

  • Guest
    Jan 21, 2021

    This would be nice. So many hacks needed to use CSP right now.