Create and run a Config Engine task for out-of-the-box Content Security Policy resource environment parameters | HCL Digital Experience
The out-of-the-box (OOB) Content Security Policy (CSP) resource environment parameters are set by running a Config Engine task. In addition, parameters are created individually in the WebSphere Application (WAS) Administration console, under the WP_ConfigService resource environment provider custom properties.
Steps to create and run the Config Engine task
- Create a file (csp.custom.properties.xml) and copy the
following contents into the
file:
<?xml version="1.0" encoding="UTF-8"?> <target name="csp-custom-properties"> <wplc-create-res-env-custom-property cell="${CellName}" node="${NodeName}" server="${ServerName}" wasuser="${WasUserid}" waspassword="${WasPassword}" providerName="WP ConfigService" name="csp-enabled" value="false" description="CSP enabled"/> <wplc-create-res-env-custom-property cell="${CellName}" node="${NodeName}" server="${ServerName}" wasuser="${WasUserid}" waspassword="${WasPassword}" providerName="WP ConfigService" name="csp-report-enabled" value="true" description="CSP report enabled"/> <wplc-create-res-env-custom-property cell="${CellName}" node="${NodeName}" server="${ServerName}" wasuser="${WasUserid}" waspassword="${WasPassword}" providerName="WP ConfigService" name="csp-header" value="default-src 'self'; script-src 'self' 'nonce-default'; img-src 'self' data:; style-src 'self' 'nonce-default';" description="CSP header"/> <wplc-create-res-env-custom-property cell="${CellName}" node="${NodeName}" server="${ServerName}" wasuser="${WasUserid}" waspassword="${WasPassword}" providerName="WP ConfigService" name="csp-header-report" value="default-src 'self'; script-src 'self' 'nonce-default'; img-src 'self' data:; style-src 'self' 'nonce-default';" description="CSP report header"/> <wplc-create-res-env-custom-property cell="${CellName}" node="${NodeName}" server="${ServerName}" wasuser="${WasUserid}" waspassword="${WasPassword}" providerName="WP ConfigService" name="csp-replace-string.1" value="<style @<style nonce=\"nonceID\"" description="Add nonce to all style tags"/> <wplc-create-res-env-custom-property cell="${CellName}" node="${NodeName}" server="${ServerName}" wasuser="${WasUserid}" waspassword="${WasPassword}" providerName="WP ConfigService" name="csp-replace-string.2" value="display:none;?=wpthemeDisplayNone" description="Change display:none; to class"/> <wplc-create-res-env-custom-property cell="${CellName}" node="${NodeName}" server="${ServerName}" wasuser="${WasUserid}" waspassword="${WasPassword}" providerName="WP ConfigService" name="csp-replace-string.3" value="clear:both;?=wpthemeClear" description="Change clear:both to class"/> </target>
- Put the file on the server in the following
directory:
/opt/HCL or WebSphere/ConfigEngine/config/includes
- Run the following ConfigEngine task on your primary
node:
ConfigEngine.bat|sh csp-custom-properties -DPortalAdminPwd=wpsadmin -DWasPassword=wpsadmin
- Restart the other Java Virtual Machines (JVM).