https://community.checkpoint.com/t5/SASE-and-Remote-Access/HTTP-Content-Security-Policy/m-p/199659#M4313 <P>Hello,<BR />Has anyone been able to configure the "<A href="https://snappymail.eu/" target="_blank" rel="noopener">snappymail</A> webmail<BR />behind the Mobile Blade user portal?<BR /><BR /></P><P>I'm using R81.0 and the web application is configured with HT.</P><P>It seems that this web application sends a Content-Security-Policy<BR />header with a nonce in "script-src" that blocks javascript injected by the MobileBlade portal.<BR />( <A href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy" target="_blank">https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy</A> )</P><P>Is it possible to tweak the injected javascript to add the nonce to the Content-Security-Policy header?</P><P>Best Regards,</P> Mon, 04 Dec 2023 17:01:25 GMT lhag87 2023-12-04T17:01:25Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/HTTP-Content-Security-Policy/m-p/199659#M4313 <P>Hello,<BR />Has anyone been able to configure the "<A href="https://snappymail.eu/" target="_blank" rel="noopener">snappymail</A> webmail<BR />behind the Mobile Blade user portal?<BR /><BR /></P><P>I'm using R81.0 and the web application is configured with HT.</P><P>It seems that this web application sends a Content-Security-Policy<BR />header with a nonce in "script-src" that blocks javascript injected by the MobileBlade portal.<BR />( <A href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy" target="_blank">https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy</A> )</P><P>Is it possible to tweak the injected javascript to add the nonce to the Content-Security-Policy header?</P><P>Best Regards,</P> Mon, 04 Dec 2023 17:01:25 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/HTTP-Content-Security-Policy/m-p/199659#M4313 lhag87 2023-12-04T17:01:25Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/HTTP-Content-Security-Policy/m-p/199864#M4314 <P>I am experiencing a similar issue with Content Security Policy (CSP) restrictions causing blockages. It seems that the security measures in place are impacting the accessibility of certain content.</P><P>I believe that addressing this concern is crucial for a smoother user experience. maintain the necessary security while ensuring that legitimate content is not unduly restricted.</P><P>Has anyone found a resolution to this problem or have suggestions on how we can navigate around CSP limitations without compromising security?</P><P>Looking forward to hearing your insights and experiences.</P><P>Best regards,</P> Wed, 06 Dec 2023 14:14:43 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/HTTP-Content-Security-Policy/m-p/199864#M4314 Pito 2023-12-06T14:14:43Z