Legacy Knowledge Base
Published Jun. 30, 2025

Is there a release date for implementing the Content Security Policy (CSP) at Liferay?

Written By

Rishabh Agrawal

How To articles are not official guidelines or officially supported documentation. They are community-contributed content and may not always reflect the latest updates to Liferay DXP. We welcome your feedback to improve How To articles!

While we make every effort to ensure this Knowledge Base is accurate, it may not always reflect the most recent updates or official guidelines. We appreciate your understanding and encourage you to reach out with any feedback or concerns.

Legacy Article

You are viewing an article from our legacy "FastTrack" publication program, made available for informational purposes. Articles in this program were published without a requirement for independent editing or verification and are provided "as is" without guarantee.

Before using any information from this article, independently verify its suitability for your situation and project.

Issue

  1. If CSP is in beta mode, how is Liferay protecting its system from vulnerabilities?
  2. Is there a timescale for when the CSP will be fully deployed in the portal?
  3. Once the CSP has been successfully implemented, can a fix be provided in the existing versions of DXP?

Environment

  • Liferay DXP [all versions]

Resolution

  • CSP is just an additional layer of protection. Several other layers can be applied, depending on the nature of the functionality that needs to be protected.
  • If the concern is about the missing CSP and missing secure headers, the missing CSP header itself is not considered a vulnerability.
  • Certain directives are planned to be implemented in 2025 Q1 and 2025 Q2. The beta flag of CSP is also planned to move to the released flag in milestone 2, which means the 2025 Q3 release.
  • If a fix for the CSP header is needed, it will be implemented as a new feature in the portal and cannot be backported to older versions. Hence, the DXP version needs to be upgraded to use the feature.

Additional Information
