Generally available: API Management Content Security Policy and CORS configuration support
Published date: June 22, 2022
Azure API Management support for Content Security Policy is now generally available for both the developer portal and the self-hosted portal. This support enhances security and removes the need for custom functionality in the self-hosted portal.
Content Security Policy in the developer portal helps you detect and mitigate common attacks including cross-site scripting and data injection, reducing exposure to data theft, site defacement, or malware distribution.
CORS configuration enables self-hosted portals to use API Management’s implementation of Captcha verification, OAuth token retrieval in the test console, and authentication or subscription delegation, removing the need to implement and maintain custom functionality.