To continue broadening CSP support, two new directives are now supported: base-uri and object-src.
With support for these two new directives, Liferay DXP covers all the directives recommended in the Google CSP Evaluator.
Key Benefits:
Enhanced Security: Mitigates risks of XSS and data injection attacks by controlling resource loading and execution.
Compliance-Friendly: Aligns with industry-standard security requirements, supporting stricter compliance protocols.
Customizable Policies: Allows developers to tailor CSP directives to meet specific project or organizational needs.
Improved Trust: Strengthens end-user trust by providing a more secure and reliable platform experience.
Supported directives with recommended values: