Dynamic CSP in FileCloud

Beginning with version 23.253, FileCloud uses a dynamic CSP by default.

A dynamic Content Security Policy (CSP) adds protection to a site depending on which features you are using. This enables a granular level of security that allows potentially harmful resources to be blocked when not essential, but permitted when necessary. For example, in FileCloud, certain resources could be permitted if your system were integrating with Google Apps, but blocked if Google Apps resources were not required.

By default, FileCloud uses a dynamic CSP to offer you protection according to your specific implementation.

Disabling Dynamic CSP

If you want a stricter or more permissive security policy, you may disable dynamic CSP and use the content security policy included in the .htaccess file.

To disable dynamic CSP:

  1. On the FileCloud Server, open the cloudconfig file:

    In Windows:
    C:\xampp\htdocs\config\cloudconfig.php

    In Linux:
    /var/www/html/config/cloudconfig.php

  2. Set TONIDOCLOUD_DYNAMIC_CSP_ENABLED to 0.

    define("TONIDOCLOUD_DYNAMIC_CSP_ENABLED", 0);
    

Once you disable dynamic CSP, FileCloud uses the content security policy in your .htaccess file. You may use the default settings or customize the content security policy.

To customize the .htaccess file:

  1. Open the file in:
    Windows:
    C:\xampp\htdocs\.htaccess
    Linux:
    /var/www/html/.htaccess

  2. Add your customizations to the Content-Security-Policy header.
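After editing both files, a check like the following confirms that dynamic CSP is switched off and flags script sources in the customized policy that weaken it. This is an added example, not FileCloud code: the function names are hypothetical, the sample file contents are constructed, and it assumes the policy is set with a standard Apache mod_headers `Header` directive.

```python
import re

# Constructed sample inputs for illustration; not FileCloud's shipped files.
SAMPLE_CLOUDCONFIG = '<?php\ndefine("TONIDOCLOUD_DYNAMIC_CSP_ENABLED", 0);\n'
SAMPLE_HTACCESS = '''<IfModule mod_headers.c>
Header set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' *; img-src 'self' data:"
</IfModule>
'''

DEFINE_RE = re.compile(
    r'^\s*define\(\s*["\']TONIDOCLOUD_DYNAMIC_CSP_ENABLED["\']\s*,\s*(\w+)\s*\)\s*;', re.M)
HEADER_RE = re.compile(
    r'^\s*Header\s+(?:(?:always|onsuccess)\s+)?(?:set|append|add|merge|setifempty)'
    r'\s+Content-Security-Policy\s+"([^"]*)"', re.M | re.I)
RISKY_SCRIPT_SOURCES = {"'unsafe-inline'", "'unsafe-eval'", "*", "http:", "https:", "data:"}

def dynamic_csp_enabled(php_text):
    """True/False from the define (a //- or #-commented define is ignored); None when absent."""
    m = DEFINE_RE.search(php_text)
    return None if m is None else m.group(1).lower() not in ("0", "false")

def parse_csp(policy):
    """Split a policy into {directive: [sources]}; a repeated directive keeps its first value."""
    directives = {}
    for tokens in (part.split() for part in policy.split(";")):
        if tokens:
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives

def audit(php_text, htaccess_text):
    """Return a list of findings for cloudconfig.php and .htaccess contents."""
    findings = []
    if dynamic_csp_enabled(php_text) is not False:
        findings.append("dynamic CSP is not disabled in cloudconfig.php")
    policies = HEADER_RE.findall(htaccess_text)
    if not policies:
        findings.append("no Content-Security-Policy header found in .htaccess")
    for policy in policies:
        csp = parse_csp(policy)
        if "default-src" not in csp:
            findings.append("policy has no default-src fallback")
        # script-src falls back to default-src when it is not set
        for src in csp.get("script-src", csp.get("default-src", [])):
            if src in RISKY_SCRIPT_SOURCES:
                findings.append(f"script source {src} weakens the policy")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CLOUDCONFIG, SAMPLE_HTACCESS)))
```

To run it against a real installation, read the two files from the paths given in the steps above and pass their contents to `audit()`.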