| ... |
... |
@@ -148,6 +148,10 @@ |
| 148 |
148 |
|http.header.hsts.sub|false|Whether the HTTP Strict Transport Security should be applied to sub domains as well. You can also change this setting [[in the system settings menu >>doc:Formcycle.SystemSettings.UserInterface.General.WebHome]]. |
| 149 |
149 |
|http.header.serverid.name |(not available)|Specifies the header name with which the //system.server.id// is written to all requests. If this entry exists but is empty the corresponding header will not be set. If the entry does not exist the default //XFC-Server-Id// is used. |
| 150 |
150 |
|http.param.serverid.name |(not available)|Specifies the name of the URL parameter used to append the //system.server.id// to the form submission URL. If the value is empty or not available, no parameter will be appended. |
|
151 |
+|http.header.csp.backend {{version major="7" minor="2" patch="1" /}}|(empty)|Sets the value for the HTTP headder //Content-Security-Policy// in the backend (configuration UI). You can also edit this value in the backend via the menu System, General. |
|
152 |
+|http.header.csp.frontend {{version major="7" minor="2" patch="1" /}}|(empty)|Sets the value for the HTTP headder //Content-Security-Policy// in the frontend (web form). You can also edit this value in the backend via the menu System, General. |
|
153 |
+|http.header.csp.reportonly.backend {{version major="7" minor="2" patch="1" /}}|(empty)|Sets the value for the HTTP headder //Content-Security-Policy-Report-Only// in the backend (configuration UI). You can also edit this value in the backend via the menu System, General. |
|
154 |
+|http.header.csp.reportonly.frontend {{version major="7" minor="2" patch="1" /}}|(empty)|Sets the value for the HTTP headder //Content-Security-Policy-Report-Only// in the frontend (web forms). You can also edit this value in the backend via the menu System, General. |
| 151 |
151 |
{{/table}} |
| 152 |
152 |
|
| 153 |
153 |
== Debug == |
