Content Security Policy Settings
You can specify custom header response rules that modify the default Content-Security-Policy header for particular server resources, or use additional JVM parameters to configure the policy globally for My webMethods Server. Use the following custom JVM parameters to enable or disable the default content security policy, or configure sources of trusted content:
com.webmethods.content.security.disabled - The default value is
false. Set to
true to disable the content security policy.
com.webmethods.content.security.hosts - Use this parameter to supply additional allowed hosts. Separate multiple values with intervals.
For more information about adding JVM properties in the custom_wrapper.conf file for
My webMethods Server, see
Configuring JVM Settings for
My webMethods Server.
For more information about working with response header rules, see
Working with Response Header Rules.