Unanswered

Content Security Policy (CSP) browser attributes inclusion or activation


Hi,

I have been reviewing the security controls relating to a Dynamics 365 Finance and Operations installation and I have noticed that there is a lack of Content Security Policy browser directives in the content.

Only "Content-Security-Policy: frame-ancestors 'self'" appears to be active, but we would typically want to define other CSP directives to remove directive ambiguity, i.e., missing CSP directives with no fall-back.

As I don't operate the environment, is there a config setting where CSP directives can be individually activated? We allow our users to use Edge, Chrome and Firefox to interact with Dynamics 365, and therefore want to provide more contemporary security directives to the client browsers connecting to the service.

What settings exist or is there a recommended approach to implement more granular CSP directives, without breaking any Dynamics 365 content?

Example CSP directives:

  • plugin-types
  • report-uri
  • referrer
  • form-action
  • base-uri
  • sandbox
  • reflected-xss

Other References:
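
Added example, not part of the original post and not Microsoft's code: a small audit of the header value quoted in the post, showing which directives are left with no restriction once the CSP Level 3 fallback rules are applied. The function names and the comparison policy `WITH_DEFAULT` are assumptions made for illustration, and the input is assumed to be a single policy.

```python
# Added example: list what a Content-Security-Policy value leaves unrestricted.
# Fetch directives and their fallback order, per CSP Level 3.
FETCH_FALLBACK = {
    "script-src": ["default-src"],
    "style-src": ["default-src"],
    "img-src": ["default-src"],
    "connect-src": ["default-src"],
    "font-src": ["default-src"],
    "media-src": ["default-src"],
    "object-src": ["default-src"],
    "manifest-src": ["default-src"],
    "child-src": ["default-src"],
    "frame-src": ["child-src", "default-src"],
    "worker-src": ["child-src", "script-src", "default-src"],
}
# Directives that never fall back to default-src.
NO_FALLBACK = ["base-uri", "form-action", "frame-ancestors"]

# Header value quoted in the post above.
OBSERVED = "frame-ancestors 'self'"
# Constructed comparison value, not taken from any real deployment.
WITH_DEFAULT = "default-src 'self'; frame-ancestors 'self'"


def parse_csp(value):
    """Split one policy into {directive: [sources]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            # A repeated directive is ignored by browsers: the first one wins.
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def audit(value):
    """Return which directive governs each check, and which have none."""
    policy = parse_csp(value)
    governed, unrestricted = {}, []
    chains = dict(FETCH_FALLBACK, **{d: [] for d in NO_FALLBACK})
    for directive, chain in chains.items():
        source = next((d for d in [directive, *chain] if d in policy), None)
        if source:
            governed[directive] = source
        else:
            unrestricted.append(directive)
    return {"governed": governed, "unrestricted": unrestricted}


if __name__ == "__main__":
    for label, value in (("observed", OBSERVED), ("with default-src", WITH_DEFAULT)):
        result = audit(value)
        print(label, "-> unrestricted:", ", ".join(result["unrestricted"]) or "none")
```

With the observed value, every fetch directive plus `base-uri` and `form-action` is reported as unrestricted; adding `default-src` covers the fetch directives but still leaves `base-uri` and `form-action` open, since they have no fallback.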
