Tal_Luzon
Nov 17, 2019Nimbostratus
Bot defense adds CSP and breaks application
When using bot defense (v14.1.2.1) CSP (Content-Security-Policy) header is added with "script-src 'self' 'nonce-s3u4r9SWBL0Pi3M9jlb46Jv';
I couldn't find a way to get rid of this behavior, do you know of one?
If there isn't a way I'd like to try and remove this string.
How do I use regex groups to remove only this string as the CSP has additional properties
I want to replace this:
Content-Security-Policy: script-src 'self' 'nonce-s3u4r9SWBL0Pi3M9jlb46Jv'; frame-ancestors 'self' www.mysite.com
with this:
Content-Security-Policy: frame-ancestors 'self' www.mysite.com
something like using:
(script-src 'self' '.*'; )(frame-ancestors 'self' .*)
and replace it with only the second group of the regex match.
Thanks!