Disable the Content-Security-Policy header

RECOMENDATION: We do not recommend disabling the Content-Security-Header. This can make your site vulnerable to various attacks, such as Cross-Site Scripting (XSS). We recommend configuring the header instead.
For more information, see Configure Content-Security-Policy header.

To disable sending the header, perform the following:

  1. Open the Program.cs file of Sitefinity ASP.NET Core Renderer.
  2. Modify the services section in the following way:
  3. Save and close the Program.cs file. 
  4. Build and deploy the renderer application. 

Increase your Sitefinity skills by signing up for our free trainings. Get Sitefinity-certified at Progress Education Community to boost your credentials.

Web Security for Sitefinity Administrators

The free standalone Web Security lesson teaches administrators how to protect your websites and Sitefinity instance from external threats. Learn to configure HTTPS, SSL, allow lists for trusted sites, and cookie security, among others.

Foundations of Sitefinity ASP.NET Core Development

The free on-demand video course teaches developers how to use Sitefinity .NET Core and leverage its decoupled architecture and new way of coding against the platform.

Was this article helpful?