Symptom
Is it possible to add a Content Security Policy (CSP) to the RCM career site?
Environment
SAP SuccessFactors Recruiting Management
SAP SuccessFactors Recruiting Marketing
Resolution
We have confirmed with the Product Management team that this is not a security violation, as a Content Security Policy (CSP) header is currently not required for RCM.
Note:
The content security policy is designed to guard against cross-site scripting (XSS) attacks through the use of a Content-Security-Policy HTTP response header that lets you control the resources allowed to load for a web page. The headers are used in career site pages owned by the organization (such as jobs.example.com, where <example> is your organization's name), but not in the Candidate Profile and other pages generated within SAP SuccessFactors Recruiting.
This is only supported via RMK - CSB. If customers want the ability to add this header in RCM, they can raise an enhancement request as described in article 2090228 - How to Submit Ideas for SAP SuccessFactors Products.
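To confirm which pages carry the header described in the note, the response headers can be audited as in the following added example (not SAP code). The page labels and header values are constructed samples, and the function names are illustrative.

```python
# Added example: audit response headers for a Content-Security-Policy.
# All sample header values below are constructed, not captured from SAP systems.

HASH_OR_NONCE = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")

def parse_csp(value):
    """Split a CSP header value into {directive: [source expressions]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        # Directive names are case-insensitive; the first occurrence wins.
        if tokens and tokens[0].lower() not in policy:
            policy[tokens[0].lower()] = tokens[1:]
    return policy

def audit(headers):
    """Return a list of findings for one response's headers (dict, any key case)."""
    lowered = {k.lower(): v for k, v in headers.items()}
    csp = lowered.get("content-security-policy")
    if csp is None:
        if "content-security-policy-report-only" in lowered:
            return ["report-only policy: violations are reported, not blocked"]
        return ["no Content-Security-Policy header"]
    policy = parse_csp(csp)
    # script-src falls back to default-src when it is absent.
    script_src = policy.get("script-src", policy.get("default-src"))
    if script_src is None:
        return ["no script-src or default-src: script sources are unrestricted"]
    findings = []
    # 'unsafe-inline' is ignored by browsers when a nonce or hash is present.
    if "'unsafe-inline'" in script_src and not any(
            s.startswith(HASH_OR_NONCE) for s in script_src):
        findings.append("script-src allows 'unsafe-inline'")
    if "*" in script_src:
        findings.append("script-src allows any origin (*)")
    return findings

# Constructed samples: a career site page with the header, and a page without it.
SAMPLES = {
    "career site page (jobs.example.com)": {
        "Content-Security-Policy": "default-src 'self'; script-src 'self' https://cdn.example.com"},
    "Candidate Profile page (placeholder)": {"Content-Type": "text/html"},
}

if __name__ == "__main__":
    for page, headers in SAMPLES.items():
        print(page, "->", audit(headers) or "policy present, no findings")
```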
Keywords
Content Security Policy (CSP) Missing, CSP, Vulnerability, CSP Header, RMK, Career Site, CSB, RCM Career Site, KBA, LOD-SF-RCM-POR, Career and Agency Portals, LOD-SF-RMK-CSB, Career Site Builder, Product Enhancement