Netscaler Content-Security-Policy: This policy contains 'unsafe-inline' which is dangerous in the script-src directive

Dear colleague administrators,

When you nowadays perform a clean, fresh install of a Netscaler using the latest Citrix sources (e.g. the .OVF VMware images), I notice that Citrix has embedded specific Security Content Policy parts inside the firmware that are still considered unsafe in terms of best security practices by pretty much all external security check sites:

[Two attached images omitted]


When double-checking Citrix's latest official recommendation on this in their documentation, I find:

https://support.citrix.com/article/CTX233095/how-to-create-rewrite-policy-for-security-headers

In this article, which was updated only last month, we see in fact that manually adding the "Unsafe-Inline" entries is actually still being recommended for Netscalers running older firmware that don't have this code baked in yet. I'm lost as to which is the correct action to take in terms of best security practices. Either Citrix or the CSP security world out there must be wrong. Any input or thoughts?
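To make the scanner finding concrete, here is a small CSP checker added as an example (it is not code from the original post, from Citrix, or from any NetScaler firmware; the sample headers in it are constructed, not the policy the appliance ships). It parses a Content-Security-Policy header the way a browser does, including the fallback from script-src to default-src, and reports why 'unsafe-inline' in script-src is flagged. It also shows the case the question hinges on: when a nonce or hash source is listed next to 'unsafe-inline', CSP Level 2 browsers ignore 'unsafe-inline' entirely, so the keyword is only a fallback for old browsers and the policy still blocks injected inline scripts on modern ones.

```python
"""Parse a Content-Security-Policy header and explain why scanners flag
'unsafe-inline' in script-src. Added example; the sample headers below are
constructed and are not the policy shipped by any NetScaler firmware."""
from __future__ import annotations

# Constructed sample headers (not taken from NetScaler or the Citrix article).
HEADER_WEAK = "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'"
HEADER_NONCE = "default-src 'self'; script-src 'self' 'nonce-r4nd0m' 'unsafe-inline'"
HEADER_STRICT = "default-src 'self'; script-src 'self' 'nonce-r4nd0m'; object-src 'none'"
HEADER_NO_SCRIPT_RULE = "img-src 'self'; frame-ancestors 'none'"

HASH_PREFIXES = ("'sha256-", "'sha384-", "'sha512-")


def parse_csp(header: str) -> dict[str, list[str]]:
    """Split a CSP header into {directive: [source expressions]}.

    Directives are separated by ';' and sources by whitespace. Directive
    names are case-insensitive; a directive repeated within one header is
    ignored after its first occurrence, which is what browsers do.
    """
    policy: dict[str, list[str]] = {}
    for part in header.split(";"):
        tokens = part.split()
        if not tokens:
            continue
        policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def effective_script_sources(policy: dict[str, list[str]]) -> list[str]:
    """script-src governs scripts; if it is absent, browsers fall back to default-src."""
    if "script-src" in policy:
        return policy["script-src"]
    return policy.get("default-src", [])


def check_script_src(header: str) -> list[str]:
    """Return human-readable findings about which scripts the policy lets run."""
    findings: list[str] = []
    policy = parse_csp(header)
    # Lower-casing is only for keyword matching; real nonce values are case-sensitive.
    sources = [s.lower() for s in effective_script_sources(policy)]

    if not sources:
        findings.append("no script-src or default-src: script loading is unrestricted")
        return findings

    has_nonce_or_hash = any(
        s.startswith("'nonce-") or s.startswith(HASH_PREFIXES) for s in sources
    )
    if "'unsafe-inline'" in sources:
        if has_nonce_or_hash:
            # CSP Level 2 browsers ignore 'unsafe-inline' once a nonce or hash
            # source is present; it then only serves as a fallback for old browsers.
            findings.append(
                "script-src: 'unsafe-inline' is ignored by CSP2-capable browsers "
                "because a nonce/hash source is also listed (legacy fallback only)"
            )
        else:
            findings.append(
                "script-src: 'unsafe-inline' permits any inline script, so an "
                "injected <script> or event handler is not blocked (XSS mitigation lost)"
            )
    if "'unsafe-eval'" in sources:
        findings.append("script-src: 'unsafe-eval' permits eval()/new Function() on untrusted strings")
    if "*" in sources:
        findings.append("script-src: '*' allows scripts from any origin")
    return findings


if __name__ == "__main__":
    samples = [
        ("weak", HEADER_WEAK),
        ("nonce", HEADER_NONCE),
        ("strict", HEADER_STRICT),
        ("no rule", HEADER_NO_SCRIPT_RULE),
    ]
    for name, header in samples:
        print(f"{name}: {check_script_src(header) or ['no script-src findings']}")
```

Run it as-is to see the four sample verdicts, or paste the header an external scanner reports for your Gateway vserver into `check_script_src`. The practical consequence for the question above: a rewrite policy that adds 'unsafe-inline' keeps the logon pages working only because they rely on inline scripts, and the scanner is right that this removes the XSS protection CSP is meant to give; the scanner stops complaining, and the protection is real, only once the inline scripts carry a nonce or hash that the policy lists.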
