Taha Naqvi created NIFI-15738:
---------------------------------
Summary: Content Security Policy is configured in the insecure
manner
Key: NIFI-15738
URL: https://issues.apache.org/jira/browse/NIFI-15738
Project: Apache NiFi
Issue Type: Improvement
Components: Security
Affects Versions: 2.5.0
Reporter: Taha Naqvi

Content Security Policy is configured in an insecure manner. An insecurely
configured Content Security Policy (CSP) does not protect the application
against potential client-side threats and can expose it to attacks,
including Cross-Site Scripting (XSS), Cross-Frame Scripting (XFS, Clickjacking)
and Cross-Site Request Forgery (CSRF).
Host allowlists can frequently be bypassed; `strict-dynamic` should be used.
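
The check the report asks for, as an added example that is not part of the original issue or of Apache NiFi's code: a small auditor that flags a `script-src` relying on a host allowlist and accepts a nonce plus `strict-dynamic` policy. The two policy strings, the nonce value and the function names are constructed for illustration.

```javascript
// Added example. Both policies are constructed samples, not Apache NiFi's headers.
const WEAK = "default-src 'self'; script-src 'self' 'unsafe-inline' " +
  "https://cdn.example.com https://*.example.net";
// The nonce is a placeholder; a real one is random and regenerated per response.
const STRICT = "script-src 'nonce-r4nd0mConstructed' 'strict-dynamic' https: " +
  "'unsafe-inline'; object-src 'none'; base-uri 'none'";

function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by browsers: the first one wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

function auditScriptSrc(policy) {
  const d = parseCsp(policy);
  const src = d.get('script-src') || d.get('default-src'); // fallback rule
  if (!src) return [{ id: 'no-script-policy', detail: 'scripts are unrestricted' }];
  const keywords = src.map((s) => s.toLowerCase());
  const hasNonceOrHash = src.some((s) =>
    /^'(nonce|sha256|sha384|sha512)-[A-Za-z0-9+\/_=-]+'$/i.test(s));
  const strictDynamic = keywords.includes("'strict-dynamic'");
  const hosts = src.filter((s) => !s.startsWith("'")); // hosts, schemes, *
  const findings = [];
  // Browsers ignore 'unsafe-inline' once a nonce or hash is present.
  if (keywords.includes("'unsafe-inline'") && !hasNonceOrHash)
    findings.push({ id: 'unsafe-inline', detail: 'injected inline script runs' });
  if (keywords.includes("'unsafe-eval'"))
    findings.push({ id: 'unsafe-eval', detail: 'string-to-code sinks stay open' });
  if (strictDynamic && !hasNonceOrHash)
    findings.push({ id: 'strict-dynamic-without-nonce', detail: 'no script is trusted' });
  // With 'strict-dynamic', CSP3 browsers ignore host and scheme sources.
  if (!strictDynamic && hosts.length > 0)
    findings.push({ id: 'host-allowlist', detail: hosts.join(' ') });
  return findings;
}

const ids = (policy) => auditScriptSrc(policy).map((f) => f.id).join(',');
console.log('weak:', ids(WEAK));
console.log('strict:', ids(STRICT) || 'no findings');
```

The `https:` and `'unsafe-inline'` tokens in the strict sample are fallbacks for browsers without CSP3 support; browsers that honor the nonce and `strict-dynamic` ignore them.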