You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/frontdoor/front-door-security-headers.md
+6-6Lines changed: 6 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -24,27 +24,27 @@ In this tutorial, you learn how to:
24
24
25
25
## Prerequisites
26
26
27
-
* Azure Front Door. To complete the steps in this tutorial, you must have a Front Door. For more information, see [Quickstart: Create a Front Door](quickstart-create-front-door.md).
28
-
*If this is your first time using the Rules Engine feature, see how to [Set up a Rules Engine](front-door-tutorial-rules-engine.md).
27
+
*An Azure subscription.
28
+
*Azure Front Door. To complete the steps in this tutorial, you must have a Front Door configured with rules engine. For more information, see [Quickstart: Create a Front Door](quickstart-create-front-door.md) and [Configure your Rules Engine](front-door-tutorial-rules-engine.md).
29
29
30
30
## Add a Content-Security-Policy header in Azure portal
31
31
32
32
1. Within your Front door resource, select **Rules engine configuration** under **Settings**, and then select the rules engine that you want to add the security header to.
33
33
34
34
:::image type="content" source="media/front-door-security-headers/front-door-rules-engine-configuration.png" alt-text="Screenshot showing rules engine configuration page of Azure Front Door.":::
35
35
36
-
1. Select **Add rule** to add a new rule. Provide the rule a name and then select **Add an Action** > **Response Header**.
36
+
2. Select **Add rule** to add a new rule. Provide the rule a name and then select **Add an Action** > **Response Header**.
37
37
38
-
1. Set the Operator to **Append** to add this header as a response to all of the incoming requests to this route.
38
+
3. Set the Operator to **Append** to add this header as a response to all of the incoming requests to this route.
39
39
40
-
1. Add the header name: *Content-Security-Policy* and define the values this header should accept, then select **Save**. In this scenario, we choose *`script-src 'self' https://apiphany.portal.azure-api.net`*.
40
+
4. Add the header name: *Content-Security-Policy* and define the values this header should accept, then select **Save**. In this scenario, we choose *`script-src 'self' https://apiphany.portal.azure-api.net`*.
41
41
42
42
:::image type="content" source="./media/front-door-security-headers/front-door-security-header.png" alt-text="Screenshot showing the added security header under.":::
43
43
44
44
> [!NOTE]
45
45
> Header values are limited to 640 characters.
46
46
47
-
4. Once you've added all of the rules you'd like to your configuration, don't forget to go to your preferred route and associate your Rules engine configuration to the Route Rule. This step is required to enable the rule to work.
47
+
5. Once you've added all of the rules you'd like to your configuration, don't forget to go to your preferred route and associate your Rules engine configuration to the Route Rule. This step is required to enable the rule to work.
48
48
49
49
:::image type="content" source="./media/front-door-security-headers/front-door-associate-routing-rule.png" alt-text="Screenshot showing how to associate a routing rule.":::
0 commit comments