Skip to Main Content
Customer Feedback

We love feedback from you on our products and the problems in your daily work that you would like us to solve. Please describe the challenge you're encountering and your desired outcome. Be as detailed as possible.

For technical issues or bugs please head to Support or our Developer Community. You can assign up to 20 votes in total. Thank you for your feedback.

Status explanation: 'Future Consideration' = Continuing to collect further feedback, not planned at this time. 'Investigating' = Prioritized for deeper customer and feasibility investigations ahead of planning development.

Status Investigating
Categories Forms
Created by Guest
Created on Jan 20, 2021

Make EpiServer Forms compatible with Content Security Policy (without 'unsafe-*')

Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement to distribution of malware.

Current version of EpiServer Forms is not compatible with Content Security Policy (without 'unsafe-*').

This requires us to change EpiServer Form Element to follow directives from our IT-Security apartment.

Please remove/replace all inline CSS and Javascript required to run EpiServer Forms.

Documentation:

https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/default-src

  • Guest
    Reply
    |
    Jun 4, 2024

    any update?

  • Guest
    Reply
    |
    Mar 17, 2024

    Any status update?

  • Guest
    Reply
    |
    Aug 28, 2021

    @Guest: get in contact with the IT-department at the Swedish Police, they can give you more info on what they have done for polisen.se

  • Guest
    Reply
    |
    Jul 21, 2021

    @Guest, I'm definitely interested in workarounds for this issue.

  • Guest
    Reply
    |
    Apr 27, 2021

    Let me know if you want to know how we have done it. Mabe something can be learned from it

  • Optimizely
    Martin Ottosen
    Reply
    |
    Apr 19, 2021

    Thanks for bringing this up! Agree this is a good idea, we will explore what possible solutions can be found.

  • Guest
    Reply
    |
    Apr 6, 2021

    This would definitely help us ALOT! I agree with previous comment.

  • Guest
    Reply
    |
    Jan 21, 2021

    This would be nice. So many hacks needed to use CSP right now.