MongoByte MongoDB Logo

Welcome to the new MongoDB Feedback Portal!

{Improvement: "Your idea"}
We’ve upgraded our system to better capture and act on your feedback.
Your feedback is meaningful and helps us build better products.

Add new feedback Subscribe
Status Submitted
Categories Enterprise Advanced
Created by Guest
Created on Dec 19, 2022

RELATED FEEDBACK

“Content-Security-Policy” header

Hello, We want to add the “Content-Security-Policy” header to the OpsManager/MongoDB answers to increase the security level: frame-ancestors 'none' (Do not render in frames) script-src 'self': only loads scripts originating on the site (subdomains excluded) default-src 'none': recommended for services returning HTML. Could you please tell us how to set up these elements ? Thank you in advance for your support. Regards
  • Guest
    Sep 18, 2025
    We created Mongo support case to mitigate “Content-Security-Policy” header vulnerability for ops manager and case is closed without providing any ETA. It's strange, Mongo team admits it's a vulnerability yet not providing fix for it. My request is, provide the fix ASAP.
    Reply
  • Guest
    Dec 20, 2022
    very important for security level
    Reply