Getting Started with DeskDirector
DeskDirector Portals
Browser Support
What is the DeskDirector Admin Portal?
What is the DeskDirector Tech Portal
What is the DeskDirector Client Portal?
Desktop Portal
Managing Your Account
Admin Essentials
DeskDirector Features Overview
Logging in to DeskDirector
User Profiles & Profile Pictures
Managing Tickets with DeskDirector
Office Hours
How Searching Works
Embedding Help Page Media
Get started with the DeskDirector Power Automate Connector
Features
Portal Customization
Forms
Service Catalogue
Communication
Email Connectors
Notifications
Email Notifications
Actionable Messages for Emails
Real-Time Chats
Email Template Engine
Surveys
Broadcasts
Generative AI
Setting up AI Service Providers
Microsoft Foundry for DeskDirector
Knowledge Bases for AI Assistants
Custom Tools for AI Assistants
DeskDirector with Generative AI
AI Assistants in DeskDirector
Ticket Summary for TECH Portal
Advanced
Login & Authentication
Dashboard
Accounts
Contacts
Contact Groups
Approvals
Tags
Custom Domains
Task Lists
File Storage
The Learning Center
Portal Deep Linking
Auditing & Analytics
Microsoft Power Automate
Actions
Solutions
Featured Solution: Teams Ticket Discussion
Power Automate Template Gallery
Featured Solution: Ticket Briefing
Power Automate Administration
DeskDirector Power Platform Connector Reference
Power Automate Connector - Setting up your first flow
Microsoft Teams App
Introducing the DeskDirector for Microsoft Team App
Installing the Microsoft Teams App (Client Mode)
Installing the Microsoft Teams App (TECH Mode)
Setting up Tags for Teams Discussions (TECH Portal)
Branding the DeskDirector Teams App
DeskDirector Teams App Notifications
Contact Groups Integration with Microsoft Teams
Setting up Content Security Policy (CSP)
Advanced topic: Setting up Tech & Client Mode in the same tenancy
Integrating Microsoft Teams with DeskDirector Tech Portal
Smart Alerts for TECH Users
Integrations
Glossary
Security
Troubleshooting
Troubleshooting via Web Developer Tools
Desktop Portal - Common Issues
Contact & Service Agent Impersonation
Approvals - Common Issues
Microsoft Teams App - Common Issues
Email & Email Delivery - Common Issues
Login & Authentication - Common Issues
DeskDirector Desktop App - Installation Issues
Permissions & Access - Common Issues
Contact DeskDirector Support
Troubleshooting DeskDirector Connection Issues
Table of Contents
- All Categories
- Security
- Content-Security-Policy
Content-Security-Policy
Updated
by Niamh Ferns
CSP is an additional security layer that helps reduce the risk of common web attacks such as:
- Cross-Site Scripting (XSS)
- Data injection attacks
These attack types are often used for outcomes like data theft, site defacement, or distributing malware.
Clickjacking
CSP can help prevent clickjacking by using the frame-ancestors directive. This controls which websites (if any) are allowed to embed DeskDirector inside an iframe.
Cross-Site Scripting (XSS)
CSP can also limit which scripts are allowed to run. In DeskDirector, this helps prevent unknown or untrusted JavaScript from loading.
DeskDirector’s server only allows scripts from our approved CDN location.
Default setup
- In server versions 19.66.x and above, the CSP header is enabled by default and is always returned by the server.
- DeskDirector provides a secure default CSP configuration aligned with best practices.
- With the default CSP, the only directive you can change is
frame-ancestors.
The frame-ancestors directive defines which websites are allowed to embed DeskDirector (for example, embedding the Client Portal inside your own website).
You do not need to change this unless you plan to embed the Client Portal.
Valid values include:
- A specific domain, e.g.
https://www.example.org - A wildcard domain, e.g.
https://*.example.org
Custom CSP setup (restricted)
DeskDirector does support custom CSP directives, but this is restricted to specific scenarios because incorrect CSP values can prevent the application from functioning correctly.
- Additional CSP configuration is available through consulting for customers who have purchased the Platinum package.
- Any custom directives are designed and approved by DeskDirector senior development team to reduce the risk of misconfiguration.
