Community Help

sylvia_sotomayo · ‎06-18-2024

Hi,

This is a question for Canvas admins, particularly those in higher ed. Is anyone using the Content Security Policy? What issues have you encountered if so? If not, why not? We have started using it and I have run into a few pain points, one severe enough that it is now listed in Known Issues and they are working on a fix. I am interested in hearing from other who are using the CSP or have used it.

Thank you,

Sylvia Sotomayor
Canvas Admin, Distance Education
Cerro Coso Community College

JMPhillips_23 · ‎07-02-2024

Does canvas sell or share my information ?

phanley · ‎01-22-2025

We haven't enabled it so far -- Content Security Policy is a good example of a feature that needs a user story in its documentation that explains the set of problems the feature solves*, summarizes the arguments for enabling it and spells out the foreseeable ramifications of enabling it (e.g. arbitrary iFramed content in Pages breaking, which I'm guessing is a possibility if it's enabled).

* for example, I'm still unclear if the main use case is disabling malicious JS from sketchy sites embedded in iframes, or it's for adding support for the recent more restrictive browser content policies, or both

sylvia_sotomayo · ‎01-22-2025

Agreed re the use cases. We implemented it because it seemed a good idea to add security and then disabled it when it became unworkable.

Content Security Policy

Admin

Creating a test from zip files of publisher text b...

What triggers the SpeedGrader graded submission ti...

Meet Myself Dario Schiraldi

I need to recover 60 item banks totaling 600+ item...

Introduction – Dario Schiraldi, CEO of Travel Work...

CANVAS INBOX

Concluded Courses

"Conferences" does not appear in the list of optio...

Case sensitivity for quiz answers

"Key words" for quiz answers

You're signed out

Content Security Policy

Community Help

View our top guides and resources: