From ef7b13d313f33c23a5f916b8531f7d51969a3d1d Mon Sep 17 00:00:00 2001 From: Tianle Huang <60111637+tianleh@users.noreply.github.com> Date: Mon, 18 Mar 2024 16:08:14 -0700 Subject: [PATCH] Update _dashboards/csp/csp-dynamic-configuration.md Co-authored-by: Melissa Vagi Signed-off-by: Tianle Huang <60111637+tianleh@users.noreply.github.com> --- _dashboards/csp/csp-dynamic-configuration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_dashboards/csp/csp-dynamic-configuration.md b/_dashboards/csp/csp-dynamic-configuration.md index 5408e045a03..bc3a07fccce 100644 --- a/_dashboards/csp/csp-dynamic-configuration.md +++ b/_dashboards/csp/csp-dynamic-configuration.md @@ -50,4 +50,4 @@ curl '{osd endpoint}/api/appconfig/csp.rules' ## Precedence -In general, the dynamic configurations will take precedence over the configurations in YML. Specifically, when there is non empty CSP rules configured in the index, the rules from the YML will be used. To prevent `clickjacking`, we will append the `frame-ancestors` directive with value `'self'` if the rules from YML will be used and do not already have the directive `frame-ancestors`. +Dynamic configurations override YAML configurations, except for empty CSP rules. To prevent `clickjacking`, a `frame-ancestors: self` directive is automatically added to YAML-defined rules that lack it.
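Review bot: `frame-ancestors: self` in the added Precedence line is not valid CSP syntax. The removed line described the directive `frame-ancestors` with value `'self'`, which in a policy is written `frame-ancestors 'self'`, with no colon and with the keyword in single quotes. An unquoted `self` is parsed as a host name rather than the same-origin keyword, so a reader copying the new form into `csp.rules` would not get the clickjacking protection this sentence describes. Suggest: "a `frame-ancestors 'self'` directive is automatically added to YAML-defined rules that lack it." Separately, "except for empty CSP rules" no longer says where the empty rules live or which rules apply in that case. The removed line named the index and the YML as the two sources, so consider stating explicitly which source is used when the rules stored in the index are empty.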