question

Ryan-2978 avatar image
0 Votes"
Ryan-2978 asked ·

Custom headers in Azure API Management for CSP

In Azure API Management, there is a section to add policies. It seems that we can only add built-in policies. We are looking to add a Content Security Policy (CSP) header just like on our Azure Web app.

CSP Reference: https://content-security-policy.com/

Is it possible to add such custom http header?

Regards,

azure-api-management
· 2
10 |1000 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

PramodValavala-MSFT avatar image PramodValavala-MSFT ·

@Ryan-2978 Just checking in to see if my response helps

0 Votes 0 ·
Ryan-2978 avatar image Ryan-2978 PramodValavala-MSFT ·

@PramodValavala-MSFT I will try it today and let you know, thanks for your help!


0 Votes 0 ·

1 Answer

PramodValavala-MSFT avatar image
0 Votes"
PramodValavala-MSFT answered ·

This is possible. You simply need to use the set-header policy in your outbound policy block to set the appropriate CSP headers required.

You can read more about policies in APIM for more insights on how policies work.


· 1 · Share
10 |1000 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Ryan-2978 avatar image Ryan-2978 ·

Works perfectly thanks!

0 Votes 0 ·