I have a set of Python back-end services deployed in a Linux box.
I found the "Missing or insecure Content-Security-Policy header" vulnerability in them using IBM AppScan, which suggests: Configure your server to use the "Content-Security-Policy" header with secure policies.
I tried to resolve the issue by adding a Content-Security-Policy header in the httpd.conf file as below, but none of them are working.
I tried all these combinations:
1. Header set Content-Security-Policy "frame-ancestors xxx.xx.xxx.115"
2. Header set Content-Security-Policy "default-src 'self'"
3. Header set Content-Security-Policy "default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'"
It would be helpful if anyone could provide me with a solution to resolve this issue.
I was referring to the post https://stackoverflow.com/a/40248391.
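A quick way to see which of the policies above a scanner would still object to, as an added example that is not part of the question or its answers: the script below parses a Content-Security-Policy value and lists common weaknesses. AppScan's own rules are not stated here, so the checks are assumptions based on general CSP guidance, and the fourth policy is a constructed weak one for contrast.

```python
# Added example (not from the question or its answers): a small linter that
# parses a Content-Security-Policy header value and lists the weaknesses a
# scanner typically reports. What IBM AppScan itself checks is not known here;
# the rules below encode general CSP best practice.


def parse_csp(header_value):
    """Split 'a b c; d e' into {'a': ['b', 'c'], 'd': ['e']} (directive names lower-cased)."""
    policy = {}
    for part in header_value.split(";"):
        tokens = part.split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def csp_findings(header_value):
    """Return a list of weaknesses; an empty list means the policy passed all checks."""
    policy = parse_csp(header_value)
    findings = []
    if "default-src" not in policy:
        findings.append("no default-src: any fetch directive not listed is unrestricted")
    # frame-ancestors has no fallback to default-src, so it must be spelled out.
    if "frame-ancestors" not in policy:
        findings.append("no frame-ancestors: the page can be framed (clickjacking)")
    # script-src inherits from default-src when it is absent.
    script_sources = policy.get("script-src", policy.get("default-src", []))
    for keyword in ("'unsafe-inline'", "'unsafe-eval'"):
        if keyword in script_sources:
            findings.append(f"{keyword} in script-src defeats XSS protection")
    for directive, sources in policy.items():
        for src in sources:
            if src == "*":
                findings.append(f"{directive} allows any origin (*)")
            elif src.lower().startswith("http:"):
                findings.append(f"{directive} allows plaintext source {src}")
    return findings


if __name__ == "__main__":
    # The three policies the question tried, plus one constructed weak policy.
    candidates = [
        "frame-ancestors xxx.xx.xxx.115",
        "default-src 'self'",
        "default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'",
        "default-src *; script-src 'unsafe-inline' http://cdn.example.com",  # constructed
    ]
    for csp in candidates:
        print(f"{csp!r}\n   -> {csp_findings(csp) or ['ok']}")
```

Run it on the header value the service actually returns (for example from `curl -I`): if no Content-Security-Policy header comes back at all, the directive is not taking effect, which is a separate problem from the policy's contents.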