{"id":495,"date":"2022-01-07T20:05:58","date_gmt":"2022-01-07T19:05:58","guid":{"rendered":"https:\/\/www.dbi-services.com\/blog\/2022\/01\/07\/documentum-applying-content-security-policy-csp-with-d2-wsctf-plugin\/"},"modified":"2022-04-06T08:26:26","modified_gmt":"2022-04-06T06:26:26","slug":"documentum-applying-content-security-policy-csp-with-d2-wsctf-plugin","status":"publish","type":"post","link":"https:\/\/www.dbi-services.com\/blog\/documentum-applying-content-security-policy-csp-with-d2-wsctf-plugin\/","title":{"rendered":"Documentum &#8211; Applying Content-Security-Policy (CSP) on D2 while using WSCTF plugin"},"content":{"rendered":"<p>If you have ever been working on a sensitive Documentum environment (they are all sensitive, are they not?!), you might already have worked on hardening your Web Servers. One aspect of this is having a specific set of HTTP Security Headers. In this blog, I will talk about one in particular, which is the Content-Security-Policy (CSP).<\/p>\n<p>&nbsp;<\/p>\n<p>The recommendations are usually to set up a set of headers. 
Here is an example of header names and values (that are\/should be considered secure):<\/p>\n<ul>\n<li>X-XSS-Protection: 1; mode=block<\/li>\n<li>X-Content-Type-Options: nosniff<\/li>\n<li>Content-Security-Policy: default-src &#8216;none&#8217;; script-src &#8216;self&#8217;; connect-src &#8216;self&#8217;; img-src &#8216;self&#8217;; style-src &#8216;self&#8217;;<\/li>\n<li>X-Frame-Options: SAMEORIGIN<\/li>\n<li>Cache-Control: no-cache, no-store<\/li>\n<li>Pragma: no-cache<\/li>\n<li>Strict-Transport-Security: max-age=63072000; includeSubDomains<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>In case you have never heard of the CSP, I like the <a href=\"https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/HTTP\/Headers\/Content-Security-Policy\/default-src\" target=\"_blank\" rel=\"noopener\">documentation that Mozilla provides<\/a>: it is very clear and provides all the necessary information for you to understand how things work as well as what you can and cannot configure.<\/p>\n<p>&nbsp;<\/p>\n<p>The configuration of the CSP is really application dependent because it controls what the browser should be allowed to execute\/fetch\/render based on the value of the HTTP Header. With the above example, a lot of things will be disabled completely because the default-src is set to &#8216;none&#8217; and everything that isn&#8217;t specifically defined in the HTTP Header will fall back to the value of the default-src directive. This means that, for example, the browser will not even allow a font to be loaded from a ttf file (some applications like D2 try to load ttf files). Everything set with &#8216;self&#8217; means that if it&#8217;s a resource coming from the same server (same scheme, host\/dns\/domain, and port), then it will be allowed. 
For other details, I would strongly suggest you look at the Mozilla documentation.<\/p>\n<p>&nbsp;<\/p>\n<p>Applying all other HTTP Security Headers to D2 shouldn&#8217;t cause too many issues but applying the CSP as depicted in the example will completely break it. Here is a screenshot of the Google Chrome console with the &#8220;recommended&#8221; settings from a security point of view (<em>Content-Security-Policy: default-src &#8216;none&#8217;; script-src &#8216;self&#8217;; connect-src &#8216;self&#8217;; img-src &#8216;self&#8217;; style-src &#8216;self&#8217;;<\/em>):<\/p>\n<p><a href=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/01\/D2_screen1.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-53481\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/01\/D2_screen1.png\" alt=\"\" width=\"1809\" height=\"356\" \/><\/a><\/p>\n<p>Regarding the CSP, the use of the &#8216;unsafe-inline&#8217;, &#8216;unsafe-eval&#8217; or &#8216;data:&#8217; source expressions is usually considered insecure. Unfortunately, most applications (D2 isn&#8217;t an exception) will require some of them in order to work, as you can see in the above screenshot. There is always the option to use the &#8216;nonce-*&#8217; or the hash value but that will require you to configure each and every resource, one by one&#8230; When you have hundreds of applications to manage, each trying to load dozens of different resources, that will most likely become an issue. Therefore, you will most probably end up with a more relaxed configuration. 
Let&#8217;s try D2 with a more realistic CSP based on the above errors (<em>Content-Security-Policy: default-src &#8216;none&#8217;; script-src &#8216;self&#8217; &#8216;unsafe-inline&#8217; &#8216;unsafe-eval&#8217;; connect-src &#8216;self&#8217;; img-src &#8216;self&#8217;; style-src &#8216;self&#8217; &#8216;unsafe-inline&#8217;; font-src &#8216;self&#8217;; manifest-src &#8216;self&#8217;; frame-src &#8216;self&#8217;;<\/em>):<\/p>\n<p><a href=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/01\/D2_screen2.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-53482\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/01\/D2_screen2.png\" alt=\"\" width=\"1812\" height=\"378\" \/><\/a><\/p>\n<p>That&#8217;s still not enough and that&#8217;s the purpose of this blog. The configuration, until now, is rather simple: you configure your Web Server, reload, and look for errors on the Chrome console. However, as you can see in the second screenshot, there is a problem with the D2 WSCTF plugin.<\/p>\n<p>&nbsp;<\/p>\n<p>When D2 is configured to use the WSCTF plugin, it will actually execute a piece of code on your workstation that is being accessed by D2 (by the browser) through a socket using the associated protocol (WebSockets Secure &#8211; &#8220;wss:\/\/&#8221;). Therefore, this needs to be added to the allowed connection sources using &#8220;connect-src wss:&#8221;. Unless I&#8217;m mistaken, I don&#8217;t think it is possible to filter this configuration further. However, doing that isn&#8217;t sufficient: it will still fail with the last error shown in the previous screenshot: <em>Refused to frame '' because it violates the following Content Security Policy directive: &#8220;frame-src &#8216;self'&#8221;<\/em>. The frame '' is actually also because of the WSCTF plugin, to avoid redirections at the browser level when D2 talks to the plugin. 
Documentum created its own custom protocol that is being used for that purpose and that&#8217;s what is still missing.<\/p>\n<p>&nbsp;<\/p>\n<p>In order to fix this issue and allow the WSCTF plugin to work, the needed configuration is &#8220;frame-src dctmctf:&#8221;. This might be documented somewhere but I have never seen it before. To find that, I have been looking at the JavaScript code being executed in the browser (by putting a breakpoint) and it gave me the following:<\/p>\n<p><a href=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/01\/D2_screen3.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-53483\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/01\/D2_screen3.png\" alt=\"\" width=\"1836\" height=\"517\" \/><\/a><\/p>\n<p>As shown, the frame being started begins with &#8220;dctmctf:&#8221; and therefore, allowing that scheme as a frame source fixes the issue (yes, all the messages are in red, meaning it&#8217;s an &#8220;ERROR&#8221;, but that&#8217;s how D2 prints these info messages&#8230;):<\/p>\n<p><a href=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/01\/D2_screen4.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-53484\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/01\/D2_screen4.png\" alt=\"\" width=\"1814\" height=\"519\" \/><\/a><\/p>\n<p>Therefore, in case you are using D2 (and a lot of other applications), a more realistic CSP configuration will most probably be something like:<\/p>\n<p><em>Content-Security-Policy: default-src &#8216;none&#8217;; script-src &#8216;self&#8217; &#8216;unsafe-inline&#8217; &#8216;unsafe-eval&#8217;; connect-src &#8216;self&#8217; wss:; img-src &#8216;self&#8217; data:; style-src &#8216;self&#8217; &#8216;unsafe-inline&#8217;; font-src &#8216;self&#8217;; manifest-src &#8216;self&#8217;; frame-src 
&#8216;self&#8217; dctmctf:;<\/em><\/p>\n<p>&nbsp;<\/p>\n<p>As mentioned at the beginning of this blog, CSP is really application dependent. Unfortunately, most apps aren\u2019t built with CSP in mind and therefore you must make concessions to be able to strengthen your Web Servers without breaking your applications.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>If you have ever been working on a sensitive Documentum environment (they are all sensitive, are they not?!), you might already have worked on hardening your Web Servers. One of these aspects is to have a specific set of HTTP Security Headers. In this blog, I will talk about one in particular, which is the [&hellip;]<\/p>\n","protected":false},"author":20,"featured_media":496,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[197,525],"tags":[125,126,127,128,129,130],"type_dbi":[],"class_list":["post-495","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-application-integration-middleware","category-enterprise-content-management","tag-content-security-policy","tag-csp","tag-ctf","tag-dctmctf","tag-documentum","tag-wsctf"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.2 (Yoast SEO v27.2) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Documentum - Applying Content-Security-Policy (CSP) on D2 while using WSCTF plugin - dbi Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.dbi-services.com\/blog\/documentum-applying-content-security-policy-csp-with-d2-wsctf-plugin\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Documentum - Applying Content-Security-Policy (CSP) on D2 
while using WSCTF plugin\" \/>\n<meta property=\"og:description\" content=\"If you have ever been working on a sensitive Documentum environment (they are all sensitive, are they not?!), you might already have worked on hardening your Web Servers. One of these aspects is to have a specific set of HTTP Security Headers. In this blog, I will talk about one in particular, which is the [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.dbi-services.com\/blog\/documentum-applying-content-security-policy-csp-with-d2-wsctf-plugin\/\" \/>\n<meta property=\"og:site_name\" content=\"dbi Blog\" \/>\n<meta property=\"article:published_time\" content=\"2022-01-07T19:05:58+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-04-06T06:26:26+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/01\/D2_screen1.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1809\" \/>\n\t<meta property=\"og:image:height\" content=\"356\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Morgan Patou\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@MorganPatou\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Morgan Patou\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/documentum-applying-content-security-policy-csp-with-d2-wsctf-plugin\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/documentum-applying-content-security-policy-csp-with-d2-wsctf-plugin\/\"},\"author\":{\"name\":\"Morgan Patou\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/c4d05b25843a9bc2ab20415dae6bd2d8\"},\"headline\":\"Documentum &#8211; Applying Content-Security-Policy (CSP) on D2 while using WSCTF plugin\",\"datePublished\":\"2022-01-07T19:05:58+00:00\",\"dateModified\":\"2022-04-06T06:26:26+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/documentum-applying-content-security-policy-csp-with-d2-wsctf-plugin\/\"},\"wordCount\":888,\"commentCount\":0,\"image\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/documentum-applying-content-security-policy-csp-with-d2-wsctf-plugin\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/01\/D2_screen1.png\",\"keywords\":[\"Content-Security-Policy\",\"CSP\",\"CTF\",\"dctmctf\",\"Documentum\",\"wsctf\"],\"articleSection\":[\"Application integration &amp; Middleware\",\"Enterprise content management\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.dbi-services.com\/blog\/documentum-applying-content-security-policy-csp-with-d2-wsctf-plugin\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/documentum-applying-content-security-policy-csp-with-d2-wsctf-plugin\/\",\"url\":\"https:\/\/www.dbi-services.com\/blog\/documentum-applying-content-security-policy-csp-with-d2-wsctf-plugin\/\",\"name\":\"Documentum - Applying 
Content-Security-Policy (CSP) on D2 while using WSCTF plugin - dbi Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/documentum-applying-content-security-policy-csp-with-d2-wsctf-plugin\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/documentum-applying-content-security-policy-csp-with-d2-wsctf-plugin\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/01\/D2_screen1.png\",\"datePublished\":\"2022-01-07T19:05:58+00:00\",\"dateModified\":\"2022-04-06T06:26:26+00:00\",\"author\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/c4d05b25843a9bc2ab20415dae6bd2d8\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/documentum-applying-content-security-policy-csp-with-d2-wsctf-plugin\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.dbi-services.com\/blog\/documentum-applying-content-security-policy-csp-with-d2-wsctf-plugin\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/documentum-applying-content-security-policy-csp-with-d2-wsctf-plugin\/#primaryimage\",\"url\":\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/01\/D2_screen1.png\",\"contentUrl\":\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/01\/D2_screen1.png\",\"width\":1809,\"height\":356},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/documentum-applying-content-security-policy-csp-with-d2-wsctf-plugin\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.dbi-services.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Documentum &#8211; Applying Content-Security-Policy (CSP) on D2 while using WSCTF 
plugin\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#website\",\"url\":\"https:\/\/www.dbi-services.com\/blog\/\",\"name\":\"dbi Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.dbi-services.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/c4d05b25843a9bc2ab20415dae6bd2d8\",\"name\":\"Morgan Patou\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/5d7f5bec8b597db68a09107a6f5309e3870d6296ef94fb10ead4b09454ca67e5?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/5d7f5bec8b597db68a09107a6f5309e3870d6296ef94fb10ead4b09454ca67e5?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/5d7f5bec8b597db68a09107a6f5309e3870d6296ef94fb10ead4b09454ca67e5?s=96&d=mm&r=g\",\"caption\":\"Morgan Patou\"},\"description\":\"Morgan Patou has over 12 years of experience in Enterprise Content Management (ECM) systems, with a strong focus in recent years on platforms such as Alfresco, Documentum, and M-Files. He specializes in the architecture, setup, customization, and maintenance of ECM infrastructures in complex &amp; critical environments. Morgan is well-versed in both engineering and operations aspects, including high availability design, system integration, and lifecycle management. He also has a solid foundation in open-source and proprietary technologies - ranging from Apache, OpenLDAP or Kerberos to enterprise-grade systems like WebLogic. Morgan Patou holds an Engineering Degree in Computer Science from ENSISA (\u00c9cole Nationale Sup\u00e9rieure d'Ing\u00e9nieurs Sud Alsace) in Mulhouse, France. 
He is Alfresco Content Services Certified Administrator (ACSCA), Alfresco Content Services Certified Engineer (ACSCE) as well as OpenText Documentum Certified Administrator. His industry experience spans the Public Sector, IT Services, Financial Services\/Banking, and the Pharmaceutical industry.\",\"sameAs\":[\"https:\/\/blog.dbi-services.com\/author\/morgan-patou\/\",\"https:\/\/x.com\/MorganPatou\"],\"url\":\"https:\/\/www.dbi-services.com\/blog\/author\/morgan-patou\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Documentum - Applying Content-Security-Policy (CSP) on D2 while using WSCTF plugin - dbi Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.dbi-services.com\/blog\/documentum-applying-content-security-policy-csp-with-d2-wsctf-plugin\/","og_locale":"en_US","og_type":"article","og_title":"Documentum - Applying Content-Security-Policy (CSP) on D2 while using WSCTF plugin","og_description":"If you have ever been working on a sensitive Documentum environment (they are all sensitive, are they not?!), you might already have worked on hardening your Web Servers. One of these aspects is to have a specific set of HTTP Security Headers. In this blog, I will talk about one in particular, which is the [&hellip;]","og_url":"https:\/\/www.dbi-services.com\/blog\/documentum-applying-content-security-policy-csp-with-d2-wsctf-plugin\/","og_site_name":"dbi Blog","article_published_time":"2022-01-07T19:05:58+00:00","article_modified_time":"2022-04-06T06:26:26+00:00","og_image":[{"width":1809,"height":356,"url":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/01\/D2_screen1.png","type":"image\/png"}],"author":"Morgan Patou","twitter_card":"summary_large_image","twitter_creator":"@MorganPatou","twitter_misc":{"Written by":"Morgan Patou","Est. 
reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.dbi-services.com\/blog\/documentum-applying-content-security-policy-csp-with-d2-wsctf-plugin\/#article","isPartOf":{"@id":"https:\/\/www.dbi-services.com\/blog\/documentum-applying-content-security-policy-csp-with-d2-wsctf-plugin\/"},"author":{"name":"Morgan Patou","@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/c4d05b25843a9bc2ab20415dae6bd2d8"},"headline":"Documentum &#8211; Applying Content-Security-Policy (CSP) on D2 while using WSCTF plugin","datePublished":"2022-01-07T19:05:58+00:00","dateModified":"2022-04-06T06:26:26+00:00","mainEntityOfPage":{"@id":"https:\/\/www.dbi-services.com\/blog\/documentum-applying-content-security-policy-csp-with-d2-wsctf-plugin\/"},"wordCount":888,"commentCount":0,"image":{"@id":"https:\/\/www.dbi-services.com\/blog\/documentum-applying-content-security-policy-csp-with-d2-wsctf-plugin\/#primaryimage"},"thumbnailUrl":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/01\/D2_screen1.png","keywords":["Content-Security-Policy","CSP","CTF","dctmctf","Documentum","wsctf"],"articleSection":["Application integration &amp; Middleware","Enterprise content management"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.dbi-services.com\/blog\/documentum-applying-content-security-policy-csp-with-d2-wsctf-plugin\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.dbi-services.com\/blog\/documentum-applying-content-security-policy-csp-with-d2-wsctf-plugin\/","url":"https:\/\/www.dbi-services.com\/blog\/documentum-applying-content-security-policy-csp-with-d2-wsctf-plugin\/","name":"Documentum - Applying Content-Security-Policy (CSP) on D2 while using WSCTF plugin - dbi 
Blog","isPartOf":{"@id":"https:\/\/www.dbi-services.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.dbi-services.com\/blog\/documentum-applying-content-security-policy-csp-with-d2-wsctf-plugin\/#primaryimage"},"image":{"@id":"https:\/\/www.dbi-services.com\/blog\/documentum-applying-content-security-policy-csp-with-d2-wsctf-plugin\/#primaryimage"},"thumbnailUrl":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/01\/D2_screen1.png","datePublished":"2022-01-07T19:05:58+00:00","dateModified":"2022-04-06T06:26:26+00:00","author":{"@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/c4d05b25843a9bc2ab20415dae6bd2d8"},"breadcrumb":{"@id":"https:\/\/www.dbi-services.com\/blog\/documentum-applying-content-security-policy-csp-with-d2-wsctf-plugin\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.dbi-services.com\/blog\/documentum-applying-content-security-policy-csp-with-d2-wsctf-plugin\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.dbi-services.com\/blog\/documentum-applying-content-security-policy-csp-with-d2-wsctf-plugin\/#primaryimage","url":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/01\/D2_screen1.png","contentUrl":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/01\/D2_screen1.png","width":1809,"height":356},{"@type":"BreadcrumbList","@id":"https:\/\/www.dbi-services.com\/blog\/documentum-applying-content-security-policy-csp-with-d2-wsctf-plugin\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.dbi-services.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Documentum &#8211; Applying Content-Security-Policy (CSP) on D2 while using WSCTF plugin"}]},{"@type":"WebSite","@id":"https:\/\/www.dbi-services.com\/blog\/#website","url":"https:\/\/www.dbi-services.com\/blog\/","name":"dbi 
Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.dbi-services.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/c4d05b25843a9bc2ab20415dae6bd2d8","name":"Morgan Patou","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/5d7f5bec8b597db68a09107a6f5309e3870d6296ef94fb10ead4b09454ca67e5?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/5d7f5bec8b597db68a09107a6f5309e3870d6296ef94fb10ead4b09454ca67e5?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/5d7f5bec8b597db68a09107a6f5309e3870d6296ef94fb10ead4b09454ca67e5?s=96&d=mm&r=g","caption":"Morgan Patou"},"description":"Morgan Patou has over 12 years of experience in Enterprise Content Management (ECM) systems, with a strong focus in recent years on platforms such as Alfresco, Documentum, and M-Files. He specializes in the architecture, setup, customization, and maintenance of ECM infrastructures in complex &amp; critical environments. Morgan is well-versed in both engineering and operations aspects, including high availability design, system integration, and lifecycle management. He also has a solid foundation in open-source and proprietary technologies - ranging from Apache, OpenLDAP or Kerberos to enterprise-grade systems like WebLogic. Morgan Patou holds an Engineering Degree in Computer Science from ENSISA (\u00c9cole Nationale Sup\u00e9rieure d'Ing\u00e9nieurs Sud Alsace) in Mulhouse, France. He is Alfresco Content Services Certified Administrator (ACSCA), Alfresco Content Services Certified Engineer (ACSCE) as well as OpenText Documentum Certified Administrator. 
His industry experience spans the Public Sector, IT Services, Financial Services\/Banking, and the Pharmaceutical industry.","sameAs":["https:\/\/blog.dbi-services.com\/author\/morgan-patou\/","https:\/\/x.com\/MorganPatou"],"url":"https:\/\/www.dbi-services.com\/blog\/author\/morgan-patou\/"}]}},"_links":{"self":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/495","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/users\/20"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/comments?post=495"}],"version-history":[{"count":6,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/495\/revisions"}],"predecessor-version":[{"id":17019,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/495\/revisions\/17019"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/media\/496"}],"wp:attachment":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/media?parent=495"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/categories?post=495"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/tags?post=495"},{"taxonomy":"type","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/type_dbi?post=495"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}