Content Security Policy (CSP)
Content Security Policy (CSP) is a layer of security to combat Cross-Site Scripting (XSS). For more information on CSP, please refer to .
Valtimo offers strongly typed CSP configuration through its environment files. In order to add this to your implementation, install version 11.2.0 or higher of the front-end libraries.
It is advised to create a new folder in your implementation: src/environments/csp. In this folder, you will create a file defining a CSP policy for each environment your implementation is deployed to.
For a CSP for our development environment, we might define the following:
src/environments/csp/csp.dev.ts
After defining your policy in a separate file, import it in the environment file in which you want to use it. Next, add it under the key csp. After deploying your application, CSP headers should be added to the document head before app initialization.
src/environments/environment.ts
The optional property csp in your environment file must refer to an object of type CSPHeaderParams, which is exported by the library csp-header. This library has many features which you can optionally use to add further flexibility to your CSP policy. Please refer to its documentation to see what is possible.