parrishk Posted December 23, 2020

Good day! I was recently configuring remote session launcher and was unable to due to the Content Security Policy not allowing "psrsl://*" on the 'default-src'. Once I added this to the header it worked as expected. My question is, can you provide a list of default headers that are now included in Passwordstate and should psrsl://* be included by default?

support Posted December 23, 2020

Hello,

With our Client Based Launcher, psrsl is only required as a configuration in Chrome - we have not added any security headers for this launcher, so the behaviour you've explained above is a bit unusual.

The headers we add to the payload are:

Embedded in Code

    Response.AddHeader("x-frame-options", "SAMEORIGIN")
    Response.AddHeader("X-XSS-Protection", "1; mode=block")
    Response.AddHeader("X-Content-Type-Options", "nosniff")
    Response.AddHeader("Referrer-Policy", "same-origin")
    Response.Headers.Remove("Server")

In Web.config file

    <customHeaders>
      <add name="X-UA-Compatible" value="IE=edge" />
      <add name="Cache-Control" value="max-age=0, no-cache, must-revalidate" />
      <add name="Expires" value="Thu, 01 Jan 1970 00:00:00 GMT" />
      <add name="Pragma" value="no-cache" />
      <remove name="X-Powered-By" />
      <add name="Strict-Transport-Security" value="max-age=31536000" />
    </customHeaders>

Regards
Click Studios
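
Added example (not part of the thread and not Click Studios code): a Python check that compares a captured response's headers with the list in the support reply and reports whether an enforced Content-Security-Policy, which is not on that list, is present with a default-src that does not name the psrsl scheme. The function names and the sample response are constructed for illustration.

```python
# Added example. Expected values are copied from the support reply above.
EXPECTED = {
    "x-frame-options": "SAMEORIGIN",
    "x-xss-protection": "1; mode=block",
    "x-content-type-options": "nosniff",
    "referrer-policy": "same-origin",
    "x-ua-compatible": "IE=edge",
    "cache-control": "max-age=0, no-cache, must-revalidate",
    "expires": "Thu, 01 Jan 1970 00:00:00 GMT",
    "pragma": "no-cache",
    "strict-transport-security": "max-age=31536000",
}
REMOVED = {"server", "x-powered-by"}  # the reply says these are stripped

def parse_csp(value):
    """Split a CSP header value into {directive: [source expressions]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])  # first occurrence wins
    return policy

def scheme_listed(csp_value, scheme, directive="default-src"):
    """True only if the directive names the scheme explicitly (psrsl: or psrsl://...)."""
    wanted = scheme.lower()
    return any(s.lower() == wanted + ":" or s.lower().startswith(wanted + "://")
               for s in parse_csp(csp_value).get(directive, []))

def audit(headers, scheme="psrsl"):
    """Compare response headers with the vendor list and inspect any enforced CSP."""
    got = {k.lower(): v.strip() for k, v in headers.items()}
    csp = got.get("content-security-policy")
    return {
        "missing": sorted(k for k in EXPECTED if k not in got),
        "changed": sorted(k for k, v in EXPECTED.items()
                          if k in got and got[k].lower() != v.lower()),
        "not_removed": sorted(REMOVED & got.keys()),
        "csp_present": csp is not None,
        "csp_lacks_scheme": csp is not None and "default-src" in parse_csp(csp)
                            and not scheme_listed(csp, scheme),
    }

# Constructed sample response, not captured from a real Passwordstate server.
SAMPLE = {"X-Frame-Options": "SAMEORIGIN", "X-Content-Type-Options": "nosniff",
          "Referrer-Policy": "no-referrer", "Server": "ExampleProxy",
          "Strict-Transport-Security": "max-age=31536000",
          "Content-Security-Policy": "default-src 'self'; img-src 'self' data:"}

if __name__ == "__main__":
    print(audit(SAMPLE))
```
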
Archived
This topic is now archived and is closed to further replies.