LogoDOCUMENTATION

SELECT PRODUCT DOCUMENTATION

Sitefinity CMSSitefinity InsightSitefinity CloudKnowledge Base
Setup and maintenance
Set up the ASP.NET Core renderer
Set up Next.js renderer
User registration
Multisite
SiteSync
Site search
Languages and Translations
Notifications
Load balancing
Workflows
Page settings
Content related settings
Libraries settings
SEO settings
Other settings
Connect Sitefinity CMS to other systems
Optimize performance
Monitoring and Logging
HomeSet up the ASP.NET Core rendererContent-Security-Policy (CSP) HTTP response headerDisable the Content-Security-Policy header

Disable the Content-Security-Policy header

RECOMENDATION: We do not recommend disabling the Content-Security-Header. This can make your site vulnerable to various attacks, such as Cross-Site Scripting (XSS). We recommend configuring the header instead.
For more information, see Configure Content-Security-Policy header.

To disable sending the header, perform the following:

  1. Open the Program.cs file of Sitefinity ASP.NET Core Renderer.
  2. Modify the services section in the following way:
    C#
    using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Hosting;

using Progress.Sitefinity.AspNetCore;
using Progress.Sitefinity.AspNetCore.FormWidgets;

var builder = WebApplication.CreateBuilder(args);

// Add services to the container.

// Disable CSP header
builder.Services.AddSitefinity(x => x.CspOptions.Disabled = true); 

builder.Services.AddViewComponentModels();	
builder.Services.AddFormViewComponentModels();	

var app = builder.Build();	

// Configure the HTTP request pipeline.	
if (app.Environment.IsDevelopment())	
{	
    app.UseDeveloperExceptionPage();	
}	
else	
{	
    app.UseExceptionHandler("/Error");	
    app.UseHsts();	
}	

app.UseStaticFiles();	
app.UseRouting();	
app.UseSitefinity();	

app.UseEndpoints(endpoints =>	
{	
    endpoints.MapSitefinityEndpoints();	
});	

app.Run();
  3. Save and close the Program.cs file.
  4. Build and deploy the renderer application.
Want to learn more?
Enhance your Sitefinity skills by enrolling in free training sessions. Become Sitefinity certified through Progress Education Community to strengthen your professional credentials.
course-book
Get started with Integration Hub | Sitefinity Cloud
This free lesson teaches administrators, marketers, and other business professionals how to use Sitefinity Integration Hub to create automated workflows between Sitefinity and other business systems.
course-book
Web Security for Sitefinity Administrators
This free lesson teaches administrators the basics about protecting your Sitefinity instance and your sites from external threats. Configure HTTPS, SSL, allow lists for trusted sites, and cookie security, among others.
course-book
Foundations of Sitefinity ASP.NET Core Development
The free on-demand video course teaches developers how to use Sitefinity ASP.NET Core and take advantage of its decoupled architecture and modern development model.
New to Sitefinity?
Get a demoPlatform overview
Documentation
About Sitefinity
Resources
Learn
New to Sitefinity
+1-888-365-2779