parrishk
Posted December 23, 2020

Good day! I was recently configuring remote session launcher and was unable to due to the Content Security Policy not allowing "psrsl://*" on the 'default-src'. Once I added this to the header it worked as expected. My question is, can you provide a list of default headers that are now included in Passwordstate and should psrsl://* be included by default?

support
Posted December 23, 2020

Hello,

With our Client Based Launcher, psrsl is only required as a configuration in Chrome - we have not added any security headers for this launcher, so the behaviour you've explained above is a bit unusual. The headers we add to the payload are:

Embedded in Code

    Response.AddHeader("x-frame-options", "SAMEORIGIN")
    Response.AddHeader("X-XSS-Protection", "1; mode=block")
    Response.AddHeader("X-Content-Type-Options", "nosniff")
    Response.AddHeader("Referrer-Policy", "same-origin")
    Response.Headers.Remove("Server")

In Web.config file

    <customHeaders>
      <add name="X-UA-Compatible" value="IE=edge" />
      <add name="Cache-Control" value="max-age=0, no-cache, must-revalidate" />
      <add name="Expires" value="Thu, 01 Jan 1970 00:00:00 GMT" />
      <add name="Pragma" value="no-cache" />
      <remove name="X-Powered-By" />
      <add name="Strict-Transport-Security" value="max-age=31536000" />
    </customHeaders>

Regards
Click Studios
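
An added example (not Click Studios' code and not part of either post): a Python check that compares a captured set of response headers with the list support posted, and reports whether a Content-Security-Policy header is present and whether its default-src admits the psrsl scheme. The function names are hypothetical and the sample header sets are constructed for illustration.

```python
# Added example. Names and values in EXPECTED are copied from the support reply.
EXPECTED = {
    "x-frame-options": "SAMEORIGIN",
    "x-xss-protection": "1; mode=block",
    "x-content-type-options": "nosniff",
    "referrer-policy": "same-origin",
    "x-ua-compatible": "IE=edge",
    "cache-control": "max-age=0, no-cache, must-revalidate",
    "expires": "Thu, 01 Jan 1970 00:00:00 GMT",
    "pragma": "no-cache",
    "strict-transport-security": "max-age=31536000",
}
REMOVED = {"server", "x-powered-by"}  # headers the reply says are stripped
CSP_NAMES = {"content-security-policy", "content-security-policy-report-only"}

def parse_csp(value):
    """Split a CSP header value into {directive: [source, ...]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:  # the first occurrence of a directive wins
            policy.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
    return policy

def allows_scheme(sources, scheme):
    """True if a source names the scheme ('psrsl:' or 'psrsl://...').
    A bare '*' only covers network schemes such as http/https, so it does not count."""
    return any(s == scheme + ":" or s.startswith(scheme + "://") for s in sources)

def audit(headers, scheme="psrsl"):
    seen = {k.lower(): v.strip() for k, v in headers.items()}
    report = {
        "differs": sorted(n for n, v in EXPECTED.items() if seen.get(n) != v),
        "leaked": sorted(REMOVED & set(seen)),
        "csp": sorted(CSP_NAMES & set(seen)),  # not in the list support posted
        "default_src_allows": None,            # None means no enforcing CSP seen
    }
    csp = seen.get("content-security-policy")
    if csp is not None:
        sources = parse_csp(csp).get("default-src")
        report["default_src_allows"] = sources is None or allows_scheme(sources, scheme)
    return report

# Constructed samples: the listed headers plus a CSP added by some other component.
SAMPLE = {**EXPECTED, "Content-Security-Policy": "default-src 'self' *; img-src data:"}
FIXED = {**EXPECTED, "Content-Security-Policy": "default-src 'self' psrsl://*"}

if __name__ == "__main__":
    print(audit(SAMPLE))
    print(audit(FIXED))
```

A non-empty "csp" entry in the report points at a policy that is not in the list support posted, for example one set in IIS or by a reverse proxy in front of the site.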