(Optional) Configuring Content Security Policy

Oracle Argus Safety supports the use of modern browser as their user interface. Modern browsers have defense-in-depth controls to mitigate cross-site scripting (XSS), click jacking, and cross-site leak vulnerabilities by leveraging the Content Security Policy standards. These controls add a secondary level of protection, in addition, to the usual Oracle Argus Safety security application controls. Though these securities are optional as per the Customer Security Policy, you may apply the following, in case, you want the Content Security Policy.

Implement the following Content Security Policy configurations in IIS:

frame-ancestors 'self' *."ArgusSafetyDomain":* ;
default-src *."ArgusSafetyDomain":* *.” 'self'; 'unsafeinline'
'unsafe-eval'

Here, the domains ArgusSafetyDomain is a sample domain, and must be changed to your organizational domains.

For more information, go to My Oracle Support, and search for the Content Security Policy for Argus Safety and Argus Insight (Doc ID 2891772.1).