
How to create and add Content-Security-Policy in SAP Commerce Cloud?

SAPSupport
Employee

Dear SAP,

We are planning to integrate our Storefront with a third-party service, which needs to be whitelisted in a Content-Security-Policy (CSP) in order to work successfully, but I am not sure how and where to create it.

Any ideas?

Thanks in advance! 



Accepted Solutions (1)


SAPSupport
Employee

Hello there!

The Content-Security-Policy has different approaches based on the Storefront you are running:

For the Accelerator Storefront, it is configured through the property "xss.filter.header.Content-Security-Policy" in the affected endpoint aspect. More information is in our documentation:

For the Composable Storefront you need to do it through an HTTP Response Header Set. The KBA 3334671 - Response Header set X-Frame-Options to deny - SAP Commerce Cloud is for a specific scenario, but in its resolution it explains how the Response Header with CSP should be configured:

  • Header Name: Content-Security-Policy
    Header Value: frame-ancestors 'self'{your domains}
    Apply Action: SET
    Apply Condition: ALWAYS

Therefore, kindly create a response header with the desired configuration similar to the above one and assign it to your Composable Storefront.

Kind Regards,
Wesley
SAP Support
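
A pre-deployment check for the Header Value described in the answer above, as an added example that is not part of the original answer and not SAP code: it lints the `frame-ancestors` directive for an unreplaced `{your domains}` placeholder, a keyword fused to an origin, or an unquoted `self`. The function names and the `partner.example` origin are assumptions, and this linter deliberately accepts only `'self'`, `'none'` and `scheme://host[:port]` origins.

```python
import re

# Keywords that must appear single-quoted in a CSP source list.
KEYWORDS = {"self", "none"}
# Assumption of this linter: sources are plain origins, scheme://host[:port].
ORIGIN = re.compile(
    r"^[a-z][a-z0-9+.-]*://(?:\*\.)?[a-z0-9-]+(?:\.[a-z0-9-]+)*(?::\d+)?$", re.I
)


def parse_csp(value):
    """Split a header value into {directive: [sources]}; the first duplicate wins."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() not in policy:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def lint_frame_ancestors(value):
    """Return a list of problems found in the frame-ancestors directive."""
    sources = parse_csp(value).get("frame-ancestors")
    if sources is None:
        return ["no frame-ancestors directive"]
    problems = []
    for src in sources:
        if src.strip("'").lower() in KEYWORDS:
            if not (src.startswith("'") and src.endswith("'")):
                problems.append(f"keyword must be quoted: {src}")
        elif "'" in src:
            problems.append(f"keyword and origin run together: {src}")
        elif "{" in src or "}" in src:
            problems.append(f"unreplaced placeholder: {src}")
        elif not ORIGIN.match(src):
            problems.append(f"expected scheme://host[:port]: {src}")
    return problems


if __name__ == "__main__":
    # Constructed sample values; partner.example is a placeholder origin.
    for sample in (
        "frame-ancestors 'self' https://partner.example",
        "frame-ancestors 'self'https://partner.example",
        "frame-ancestors 'self'{your domains}",
    ):
        print(sample, "->", lint_frame_ancestors(sample) or "ok")
```

A source-list token that is neither a quoted keyword nor a valid source expression is ignored by the browser, so a value with `'self'` fused to the first origin allows neither.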

Answers (0)