SAP Knowledge Base Article - Public

3069320 - Removing of unsafe-* information in Content Security Policy (CSP) header - Recruiting Marketing


Is it possible to remove the unsafe-* information from the Content Security Policy (CSP) header in CSB?
Does the presence of the "unsafe-inline" and "unsafe-eval" keywords mean there is a security violation?


SAP SuccessFactors Recruiting Marketing


As per Engineering and Product Management, even though the Content Security Policy (CSP) includes unsafe-* information, this does not constitute a vulnerability in the system.
Removing these keywords would require a refactor of the code, which is not planned at this point.
Any revision of this decision will be reflected in this KBA.

See Also

3044364 - Enabling Content Security Policy for RMK Site - Recruiting Marketing


Content Security Policy, unsafe, vulnerability, CSB, Recruiting Marketing, Header, KBA, LOD-SF-RMK-CSB, Career Site Builder, How To


SAP SuccessFactors Recruiting all versions