Creating a CSP Allowed Directive and Scheme Soft Coding Record
Use the Soft Coding Records (P954000) application to create a record for allowed domain and attributes. You can type P954000 in the Fast Path or use this path to navigate to the Soft Coding Records application:
From the Navigator, select EnterpriseOne Menus, EnterpriseOne Life Cycle Tools, System Administration Tools, Soft Coding Administration, and then select Soft Coding Records.
To create a soft-coding record for allowed domain and attributes:
- Access the P954000 application.
- Click Add.
- In the User/Role field, enter the EnterpriseOne user, role, or *PUBLIC.
- In the Environment Name field, enter the EnterpriseOne environment for which you are creating a record for allowed domain and attributes.
- In the Template Name field, enter CSP_ALLOWED_DIRECTIVE_SCHEME.
  Note: You can use the Visual Assist (Search) icon to search for and select the CSP_ALLOWED_DIRECTIVE_SCHEME template.
- In the Soft Coding Key field, enter CSP_ALLOWED_DIRECTIVE_SCHEME.
- Click the Populate Soft Coding Value button to populate the Soft Coding Description and Soft Coding Value fields with the information from the CSP_ALLOWED_DIRECTIVE_SCHEME template.
  Note: The Record Type field is left blank by default.
  The system displays the following template in the Soft Coding Value field.
<allow_content_security_policy>
<properties>
<property><name>csp_directive</name><value>csp_directive_value||SCHEME:scheme_values</value></property>
</properties>
</allow_content_security_policy>
- In the Soft Coding Value field, replace the following fields with appropriate values.
  - csp_directive: This is the name of the directive in CSP. The sample values are:
    - default-src
    - script-src
    - connect-src
    - img-src
    - style-src
    - frame-src
    - object-src
    - frame-ancestors
    - worker-src
    - font-src
    Example:
    <property><name>connect-src</name><value>'self' http://static.oracle.com</value></property>
  - csp_directive_value: The system applies this value to the directive name. Use the symbol ‘*’ in this list to indicate that the directive value should be applied to all the URLs. If you include the symbol ‘*’ and add a URL in the template, the system applies the directive value to all the URLs along with the added URL. The sample values are:
    - 'self'
    - 'unsafe-inline'
    - 'unsafe-eval'
    - *
    You can add all the trusted URLs in this part of the template.
    Example:
    <property><name>connect-src</name><value>'self' http://static.oracle.com</value></property>
  - scheme_values: This is the scheme value for CSP. The sample values are:
    - mailto:
    - tel:
    - data:
    - blob:
    Example:
    <property><name>font-src</name><value>'self' *||SCHEME:data:</value></property>
  Important: You must not make any changes to the structure of the template in the Soft Coding Value field. You can add as many property tags as required and modify csp_directive, csp_directive_value, and scheme_values.
- Click OK to save the record.
Note: You must log out of the JD Edwards EnterpriseOne application and log back in for the CSP_ALLOWED_DIRECTIVE_SCHEME record to be applied.
Example Soft Coding Value Field:
<allow_content_security_policy>
<properties>
<property><name>default-src</name><value>'self' *</value></property>
<property><name>script-src</name><value>'self' 'unsafe-inline' 'unsafe-eval'</value></property>
<property><name>connect-src</name><value>'self' http://static.oracle.com</value></property>
<property><name>img-src</name><value>'self'||SCHEME:data:</value></property>
<property><name>style-src</name><value>'self' 'unsafe-inline'</value></property>
<property><name>frame-src</name><value>'self' *||SCHEME:mailto: tel: data:</value></property>
<property><name>object-src</name><value>'self'</value></property>
<property><name>frame-ancestors</name><value>'self'</value></property>
<property><name>worker-src</name><value>'self' ||SCHEME:blob:</value></property>
<property><name>font-src</name><value>'self' *||SCHEME:data:</value></property>
</properties>
</allow_content_security_policy>
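The following Python check is an added example, not part of the Oracle documentation. It parses a Soft Coding Value in the template format shown above, verifies that the template structure is unchanged, splits each value at ||SCHEME:, and lists sources worth reviewing before the record is saved. The function names and the review rules (wildcard, 'unsafe-inline', 'unsafe-eval', cleartext http:// origins) are assumptions of this example, and it does not reproduce how EnterpriseOne builds the response header.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the page's template format (values taken from the page's example).
SAMPLE = """<allow_content_security_policy>
<properties>
<property><name>default-src</name><value>'self' *</value></property>
<property><name>script-src</name><value>'self' 'unsafe-inline' 'unsafe-eval'</value></property>
<property><name>connect-src</name><value>'self' http://static.oracle.com</value></property>
<property><name>worker-src</name><value>'self' ||SCHEME:blob:</value></property>
</properties>
</allow_content_security_policy>"""

# Review rules chosen for this example (assumption, not Oracle's list).
RISKY = {"*": "wildcard allows any origin",
         "'unsafe-inline'": "permits inline script/style",
         "'unsafe-eval'": "permits eval-style code execution"}


def parse_record(xml_text):
    """Return {directive: (sources, schemes)}; raise ValueError if the template structure was altered."""
    root = ET.fromstring(xml_text)
    if root.tag != "allow_content_security_policy" or [c.tag for c in root] != ["properties"]:
        raise ValueError("template structure changed")
    record = {}
    for prop in root[0]:
        if prop.tag != "property" or [c.tag for c in prop] != ["name", "value"]:
            raise ValueError("malformed <property> element")
        name = (prop[0].text or "").strip()
        value = prop[1].text or ""
        sources, _, schemes = value.partition("||SCHEME:")
        record[name] = (sources.split(), schemes.split())
    return record


def review(record):
    """List (directive, token, reason) for every source an administrator should double-check."""
    findings = []
    for directive, (sources, _schemes) in record.items():
        for token in sources:
            if token in RISKY:
                findings.append((directive, token, RISKY[token]))
            elif token.lower().startswith("http://"):
                findings.append((directive, token, "cleartext origin"))
    return findings


if __name__ == "__main__":
    for directive, token, reason in review(parse_record(SAMPLE)):
        print(f"{directive}: {token} -> {reason}")
```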