How to customize any response headers added to the server.
Goal
After completing this how-to you will be able to add or customize any response headers on the TeamConnect servers. You can add any header that you would like. This article uses some HTTP response security headers as examples, namely:
o CSP
o Permissions-Policy
o Referrer-Policy
Step-by-step instructions with example.
1. In Admin Settings > General there is a setting option called Response Header Values where you can customize any response headers that you want to add to the server.
2. Setting Content-Security-Policy to the wrong value can cause TeamConnect to not function normally. The following is the strictest value we can set at the moment:
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'
3. You can also define any Permissions-Policy header that you want here, which allows you to disable browser features on your users' pages. However, since this header uses commas to separate values, each option needs to be added individually instead of as a single header:
Permissions-Policy:camera=(), Permissions-Policy:fullscreen=(self)
4. You can do the same with your preferred Referrer-Policy:
Referrer-Policy: strict-origin-when-cross-origin
5. An example of a full setting value for the previous entries would be:
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval', Permissions-Policy:camera=(), Permissions-Policy:fullscreen=(self), Referrer-Policy: strict-origin-when-cross-origin
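A pre-check for a setting value before it is saved, as an added example that is not part of the original article or of TeamConnect. It assumes the setting is split on commas into "Name: value" entries, as step 3 implies, and that each entry is sent as its own header line; the function names and sample strings are constructed here.

```python
import re

# Permissions-Policy directive syntax: feature=(allowlist) or feature=*
PP_DIRECTIVE = re.compile(r"^[a-z][a-z0-9-]*=(\*|\([^()]*\))$")
HEADER_NAME = re.compile(r"[A-Za-z0-9-]+")


def parse_setting(setting):
    """Split a Response Header Values string; return (headers, problems).

    Assumption: entries are separated by commas, so a comma inside one
    header's value breaks that value into fragments.
    """
    headers, problems = {}, []
    for raw in setting.split(","):
        entry = raw.strip()
        name, sep, value = entry.partition(":")
        name, value = name.strip(), value.strip()
        if not sep or not HEADER_NAME.fullmatch(name) or not value:
            # Typical cause: a comma-separated value written as one header.
            problems.append(f"not a 'Name: value' entry: {entry!r}")
            continue
        if name.lower() == "permissions-policy" and not PP_DIRECTIVE.match(value):
            problems.append(f"malformed Permissions-Policy directive: {value!r}")
            continue
        headers.setdefault(name, []).append(value)
    return headers, problems


def effective_headers(headers):
    """Repeated header lines combine into one comma-separated field value."""
    return {name: ", ".join(values) for name, values in headers.items()}


# Constructed samples: the individually listed form, and the single-header
# form that step 3 says to avoid.
GOOD = ("Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval', "
        "Permissions-Policy:camera=(), Permissions-Policy:fullscreen=(self), "
        "Referrer-Policy: strict-origin-when-cross-origin")
BAD = "Permissions-Policy: camera=(), fullscreen=(self)"

if __name__ == "__main__":
    for label, setting in (("GOOD", GOOD), ("BAD", BAD)):
        parsed, issues = parse_setting(setting)
        print(label, effective_headers(parsed), issues)
```

After saving the setting, compare the headers the server actually returns against the output of effective_headers to confirm nothing was dropped.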