Need Guidance on Setting Safe Content Security Policy for SVG Files

matefesus
Tera Contributor

Hi everyone,

I’m currently working on a request titled “Set Safe Content Security Policy for SVG Files”. The goal is to review and possibly implement a content security policy specifically for handling SVG files, to ensure safe usage in the platform.

As the platform owner, I’d like to understand:

  1. What impact could enabling a safe content security policy for SVG files have on the system?

    • Will it affect attachments, image rendering, or any integrations?

    • Could it block any legitimate SVG-based functionality?

  2. Is it safe to implement this change without causing issues in the platform?

    • Have others implemented this in production without problems?

  3. How can I locate and configure the property related to SVG content security?

    • I tried searching for it in System Properties, but couldn’t find a relevant property. Is it something I need to create manually or is it only available in certain versions?

If anyone has experience with securing SVG content or configuring content security policies for file types, I’d really appreciate your guidance. Also, if there are any Knowledge Base articles or Security Best Practices from ServiceNow about this, please feel free to share!

Thanks in advance!

1 REPLY

Danny_Kaminsky
Tera Contributor

Hi matefesus,

Do you currently leverage ServiceNow's Security Center? There is a hardening setting that I believe addresses your exact request.

Here is a link to the documentation: 

https://www.servicenow.com/docs/bundle/washingtondc-platform-security/page/administer/security-cente...

I have not noticed any ill effects with our SVG files in the platform after enabling this property (it might have needed to be created, but enabling in the Security Center will create it for you).

I hope this little bit of information is helpful!

Danny