E9.2 Where to configure Content-Security-Policy for a JAS server

BOster

Where do we configure the Content-Security-Policy for the JAS server to list other servers/domains that will allow content from another server to be embedded in an APPL (web page) served up by that server?

Further Explanation:
We need to embed a URL from another server in a Media Object control in an APPL. The implementation for the media object control uses an iframe to embed the URL/content from the other server. This is very similar in concept to CafeOne and E1Pages. Modern browsers such as Chrome/FF/Edge, etc. now have security that doesn't allow this without an HTML response header Content-Security-Policy that explicitly lists the server/domain. I assume that this would be configured in the Oracle WebLogic/HTTP server but I don't know exactly where or if that is the correct approach for a JAS server running on WebLogic.

See also:
https://content-security-policy.com/
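
Added example, not part of the original post: a simplified model of the header checks a browser applies when one page embeds another server's URL in an iframe, useful for working out which server's response headers need changing. It reads `frame-src` from the embedding page's Content-Security-Policy and `frame-ancestors` / `X-Frame-Options` from the embedded server's response. Assumptions: the hostnames are constructed placeholders, only one level of framing is modelled, and source paths and scheme inference for scheme-less sources are ignored.

```javascript
// Simplified model of iframe permission checks; hostnames below are constructed.
// Parse a CSP header value into Map(directive -> [source expressions]).
function parseCsp(value) {
  const policy = new Map();
  for (const part of (value || '').split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // First occurrence of a directive wins; later duplicates are ignored.
    if (name && !policy.has(name.toLowerCase())) policy.set(name.toLowerCase(), sources);
  }
  return policy;
}

// Match one source expression against a URL (source paths are ignored here).
function sourceMatches(source, url, selfOrigin) {
  const s = source.toLowerCase();
  if (s === "'self'") return url.origin === selfOrigin;
  if (s === '*') return /^https?:$/.test(url.protocol);
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return url.protocol === s; // scheme-only source
  const m = s.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?([^\/:]+)(?::(\d+|\*))?/);
  if (!m) return false;
  const [, scheme, host, port] = m;
  const urlPort = url.port || (url.protocol === 'https:' ? '443' : '80');
  if (scheme && url.protocol !== scheme + ':') return false;
  if (port && port !== '*' && port !== urlPort) return false;
  return host.startsWith('*.') ? url.hostname.endsWith(host.slice(1)) : url.hostname === host;
}

// Decide whether parentUrl may display frameUrl in an iframe, given both responses' headers.
function framingDecision({ parentUrl, frameUrl, parentCsp, frameCsp, frameXfo }) {
  const parent = new URL(parentUrl), frame = new URL(frameUrl);
  // 1. Embedding page: frame-src, falling back to child-src, then default-src.
  const p = parseCsp(parentCsp);
  const frameSrc = p.get('frame-src') || p.get('child-src') || p.get('default-src');
  if (frameSrc && !frameSrc.some(s => sourceMatches(s, frame, parent.origin)))
    return 'blocked: embedding page CSP (frame-src)';
  // 2. Embedded response: frame-ancestors, which overrides X-Frame-Options when present.
  const ancestors = parseCsp(frameCsp).get('frame-ancestors');
  if (ancestors)
    return ancestors.some(s => sourceMatches(s, parent, frame.origin))
      ? 'allowed' : 'blocked: embedded server CSP (frame-ancestors)';
  // 3. Legacy X-Frame-Options (ALLOW-FROM is ignored by current browsers).
  const xfo = (frameXfo || '').trim().toUpperCase();
  if (xfo === 'DENY') return 'blocked: X-Frame-Options DENY';
  if (xfo === 'SAMEORIGIN' && parent.origin !== frame.origin) return 'blocked: X-Frame-Options SAMEORIGIN';
  return 'allowed';
}

console.log(framingDecision({ parentUrl: 'https://jas.example.com/app',
  frameUrl: 'https://media.example.com/doc/1', frameXfo: 'SAMEORIGIN' }));
```
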
 