Overview

Content Security Policy (CSP) adds a layer of security to detect and prevent website attacks such as Cross-Site Scripting (XSS) and data injection attacks. CSP is enabled in JD Edwards EnterpriseOne (Tools Release 9.2.8.3), and this CSP restricts the content from the cross domains. For example, the JET components in JET applications and content from other domains are restricted.

Starting with Tools Release 9.2.8.4, JD Edwards EnterpriseOne provides you the ability to allow trusted domains and attributes by using a soft coding template.

This chapter includes information on how to create a soft coding record using the CSP_ALLOWED_DIRECTIVE_SCHEME template to allow the trusted domains and attributes. This chapter also explains how to use this template to disable CSP.