How do you find the Content Security Policy in ONTAP?
Applies to
- ONTAP 9.x
- ONTAP System Manager
- Content Security Policy
Answer
** NOTE: The Content Security Policy is built into the ONTAP OS and is not meant to be changed. **
cat /mroot/etc/www/svcs/sysmgr/svc.conf
ServiceName sysmgr
ServiceDefault On
ServiceVersion 1.0.0
ServiceDesc "OnCommand System Manager"
ServiceDescLong "The OnCommand System Manager web service"
ServiceRoot /sysmgr
ServiceRestrictRootChange Off
ServiceRestrictLocal Off
ServiceRequires rest>0.0.0 disco>0.0.0
ServiceRoles admin readonly
ServiceCapabilities web.system_manager
ServiceRestrictVserver cluster
ServiceSslOnly On
Header always set Content-Security-Policy "default-src 'self' https://api.bluexp.netapp.com https://cloudmanager.cloud.netapp.com https://api.services.cloud.netapp.com https://services.cloud.netapp.com https://activeiq-link.netapp.com https://api.activeiq.netapp.com https://gql.aiq.netapp.com https://api.support.netapp.com; script-src 'self' 'unsafe-eval' https://services.cloud.netapp.com; img-src 'self' data: ; font-src 'self' ; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'; object-src 'none'"
Header always setifempty X-Frame-Options SAMEORIGIN
Header always set X-XSS-Protection "1; mode=block"
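
To review the policy without reading it as one long line, the following added example (not NetApp code) parses svc.conf text in the format shown above and lists each CSP directive, the external origins it allows, and any 'unsafe-*' keywords. The sample input is a constructed, shortened copy of the file, and the function names are this example's own.

```python
import re

# Constructed sample: a shortened svc.conf in the format shown above
# (the real file carries the full policy).
SAMPLE_SVC_CONF = '''\
ServiceName sysmgr
ServiceSslOnly On
Header always set Content-Security-Policy "default-src 'self' https://api.support.netapp.com; script-src 'self' 'unsafe-eval' https://services.cloud.netapp.com; img-src 'self' data: ; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'; object-src 'none'"
Header always setifempty X-Frame-Options SAMEORIGIN
Header always set X-XSS-Protection "1; mode=block"
'''

HEADER_RE = re.compile(r'^Header\s+always\s+(set|setifempty)\s+(\S+)\s+(.+)$')

def response_headers(conf_text):
    """Return {header name: value} for every 'Header always ...' line."""
    headers = {}
    for line in conf_text.splitlines():
        m = HEADER_RE.match(line.strip())
        if m:
            value = m.group(3).strip()
            if len(value) >= 2 and value[0] == value[-1] == '"':
                value = value[1:-1]  # drop the surrounding double quotes
            headers[m.group(2)] = value
    return headers

def parse_csp(policy):
    """Split a CSP string into {directive: [source expressions]}."""
    directives = {}
    for part in policy.split(';'):
        tokens = part.split()
        if tokens:
            # Browsers ignore a repeated directive, so keep the first one.
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives

def summarize(conf_text):
    """Return (directives, external origins, unsafe keywords) for the CSP."""
    csp = parse_csp(response_headers(conf_text).get('Content-Security-Policy', ''))
    origins = sorted({s for srcs in csp.values() for s in srcs if s.startswith('https://')})
    unsafe = sorted((d, s) for d, srcs in csp.items() for s in srcs if s.startswith("'unsafe-"))
    return csp, origins, unsafe

if __name__ == '__main__':
    csp, origins, unsafe = summarize(SAMPLE_SVC_CONF)
    for name, sources in csp.items():
        print(f'{name}: {" ".join(sources)}')
    print('external origins:', origins)
    print('unsafe keywords:', unsafe)
```

The script only reads text passed to it, so it can be run on a saved copy of the `cat` output away from the cluster.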
