You may need to restrict where the images in your content are fetched from, to prevent cases such as NTLM hash stealing.
To add a domain restriction, perform the following steps:
1. ssh to your instance as the dradispro user.
2. Open the content_security_policy.rb file found in the /opt/dradispro/dradispro/current/config/initializers directory.
3. Update the following line from:

    policy.img_src :self, :https, :data

   To:

    policy.img_src :self, :data, 'https://example.com', 'https://anotherdomain.com'

   Where https://example.com and https://anotherdomain.com are the domains your <img> tags are allowed to fetch images from. If you need to allow more domains, add them to the line, separated by commas.
4. Run the following commands:

    $ god load /etc/god.d/dradispro-puma.god
    $ god restart
Images fetched from your instance should now be restricted!
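To see what the change buys you, the following added example (not part of Dradis or of this article's original text) compares the two img-src policies against sample image URLs. The header strings are what Rails generates for the two lines above; the instance origin, the unlisted host and the helper names are assumptions, and the matching is deliberately simplified to 'self', scheme sources and exact origins.

```ruby
require 'uri'

# CSP directive values Rails emits for the two img_src lines (constructed here).
BEFORE = "img-src 'self' https: data:"
AFTER  = "img-src 'self' data: https://example.com https://anotherdomain.com"
ORIGIN = 'https://dradis.internal.example' # hypothetical instance origin

# Return the source list of one directive from a CSP header value.
def sources(policy, directive = 'img-src')
  policy.split(';').map(&:split).find { |d| d.first == directive }&.drop(1) || []
end

# Simplified CSP source matching: 'self', scheme sources (https:) and
# exact scheme://host origins. Wildcards, ports and paths are not handled.
def img_allowed?(policy, url, origin = ORIGIN)
  uri = URI.parse(url)
  url_origin = "#{uri.scheme}://#{uri.host}"
  sources(policy).any? do |src|
    case src
    when "'self'" then url_origin == origin
    when /\A[a-z][a-z0-9+.-]*:\z/i then "#{uri.scheme}:" == src.downcase
    else src.downcase == url_origin
    end
  end
end

# Sources that let <img> tags load from hosts nobody listed explicitly.
def broad_sources(policy)
  sources(policy).select { |s| s == '*' || s.match?(/\Ahttps?:\z/i) }
end

if __FILE__ == $PROGRAM_NAME
  urls = ['https://example.com/logo.png', 'https://unlisted.example.net/x.png']
  { 'before' => BEFORE, 'after' => AFTER }.each do |label, policy|
    puts "#{label}: broad sources = #{broad_sources(policy).inspect}"
    urls.each { |u| puts "  #{u} allowed? #{img_allowed?(policy, u)}" }
  end
end
```

After restarting, the same check can be run against the Content-Security-Policy header your instance actually returns.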