How Do I Set a Custom Content-Security-Policy Header?
The Content-Security-Policy header is an HTTP response header that lets you restrict which resources (such as JavaScript, CSS, and images) can be loaded in your app, and from where. By default, Visual Builder sets an appropriate value for the header, but you can choose to override it for your app.
The default value denies embedding (or allows it if configured in the Security tab of the app-level Settings editor). It also allows the use of scripts and styles imported from HTTPS sources alone, in addition to inline scripts and styles. If this isn't suitable for your app, you can set your own header value by adding the contentSecurityPolicy property to the userConfig element in your application's app-flow.json file.
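
The following check is an added example, not part of the Visual Builder documentation. It reads the contentSecurityPolicy value from app-flow.json text and reports when a custom value no longer restricts embedding, or still permits inline or any-HTTPS scripts and styles. The sample policy, the function names, and the top-level placement of userConfig are assumptions.

```python
import json

# Constructed sample; only the userConfig and contentSecurityPolicy names
# come from the page. Assumption: userConfig is a top-level key.
SAMPLE_APP_FLOW = """{
  "userConfig": {
    "contentSecurityPolicy":
      "default-src 'self'; script-src 'self' https: 'unsafe-inline'; style-src 'self'"
  }
}"""


def parse_csp(value):
    """Split a CSP header value into {directive: [source, ...]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            # A repeated directive is ignored by browsers: the first one wins.
            policy.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
    return policy


def review_csp(app_flow_text):
    """Return findings for the custom CSP found in app-flow.json text."""
    config = json.loads(app_flow_text)
    value = config.get("userConfig", {}).get("contentSecurityPolicy")
    if value is None:
        return ["no contentSecurityPolicy: the Visual Builder default applies"]
    policy = parse_csp(value)
    findings = []
    # frame-ancestors never falls back to default-src, so it must be explicit.
    if "frame-ancestors" not in policy:
        findings.append("frame-ancestors missing: this policy does not restrict embedding")
    for directive in ("script-src", "style-src"):
        # Fetch directives fall back to default-src when absent.
        sources = policy.get(directive, policy.get("default-src"))
        if sources is None:
            findings.append(f"{directive}: no restriction (no {directive} or default-src)")
            continue
        if "'unsafe-inline'" in sources:
            findings.append(f"{directive}: allows 'unsafe-inline'")
        if "https:" in sources or "*" in sources:
            findings.append(f"{directive}: not limited to named hosts")
    return findings


if __name__ == "__main__":
    print("\n".join(review_csp(SAMPLE_APP_FLOW)))
```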