Mostafa85
New Contributor

FortiOS 7.6.1 Content-Security-Policy Issue with WSS

Hi everyone,

I'm encountering an issue with configuring Content-Security-Policy (CSP) in FortiOS 7.6.1. I'm trying to implement the following CSP rule:

default-src 'self' https://*.mydomain.net;
font-src 'self' https://fonts.gstatic.com data:;
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net;
img-src 'self' data: https:;
object-src 'none';
frame-ancestors 'none';

 

This configuration, however, blocks WebSocket (WSS) connections. To allow these, I attempted to add wss://*.mydomain.net to the default-src directive. However, the FortiOS validator throws the following error: In directive default-src, wss://*.mydomain.net is an invalid source.

I've tried various formats for including the wss:// scheme, but all resulted in the same validation error.

As a workaround, I've bypassed the validation and used this configuration:

default-src 'self' https://*.mydomain.net wss://*.mydomain.net;

 

This configuration does seem to work, allowing WSS connections.

My question is: Is this a bug in the FortiOS validation, or is it not possible to directly specify wss:// sources within the default-src directive using the validator?

Any insights or suggestions would be greatly appreciated.

Thanks!
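
Added example, not part of the original post and not Fortinet code: a small checker that applies CSP Level 3 source matching to a WebSocket URL, showing why an https:// host source does not cover wss:// and why the explicit wss:// source does. It goes slightly beyond the post by also honouring connect-src, the directive browsers consult for WebSocket connections before falling back to default-src. The page origin and WebSocket host in the test are constructed; scheme-less host sources and path matching are not handled, and the FortiOS validator is not modelled.

```python
from urllib.parse import urlsplit

# CSP Level 3 scheme matching: URL schemes that each source scheme covers.
COVERS = {"http": {"http", "https"}, "https": {"https"},
          "ws": {"ws", "wss", "http", "https"}, "wss": {"wss", "https"}}
# URL schemes that 'self' covers, keyed by the scheme of the page's origin.
SELF_COVERS = {"http": {"http", "https", "ws", "wss"}, "https": {"https", "wss"}}
DEFAULT_PORT = {"http": 80, "ws": 80, "https": 443, "wss": 443}
# Abridged policy from the post (default-src as originally written).
POSTED = "default-src 'self' https://*.mydomain.net; object-src 'none'; frame-ancestors 'none'"

def parse_csp(policy):
    """Return {directive: [sources]}; a repeated directive keeps its first value."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives

def source_matches(source, url, origin):
    """Match one source expression against a ws/wss URL (paths are ignored)."""
    u, o = urlsplit(url), urlsplit(origin)
    u_port = u.port or DEFAULT_PORT[u.scheme]
    if source.lower() == "'self'":
        o_port = o.port or DEFAULT_PORT[o.scheme]
        both_default = u_port == DEFAULT_PORT[u.scheme] and o_port == DEFAULT_PORT[o.scheme]
        return (u.hostname == o.hostname and u.scheme in SELF_COVERS[o.scheme]
                and (u_port == o_port or both_default))
    if source.startswith("'"):            # 'none', 'unsafe-inline', nonces, hashes
        return False
    scheme, sep, rest = source.lower().partition("://")
    if not sep:                           # scheme-source such as "https:" or "data:"
        name = source.lower().rstrip(":")
        return source.endswith(":") and u.scheme in COVERS.get(name, {name})
    host, _, port = rest.split("/")[0].partition(":")
    host_ok = u.hostname.endswith(host[1:]) if host.startswith("*.") else u.hostname == host
    port_ok = port == "*" or u_port == (int(port) if port else DEFAULT_PORT[u.scheme])
    return u.scheme in COVERS.get(scheme, {scheme}) and host_ok and port_ok

def websocket_allowed(policy, url, origin):
    """Return (governing directive, allowed) for a WebSocket connection to url."""
    directives = parse_csp(policy)
    # connect-src governs WebSocket connections; default-src is only the fallback.
    name = "connect-src" if "connect-src" in directives else "default-src"
    if name not in directives:
        return None, True                 # neither directive present: no restriction
    return name, any(source_matches(s, url, origin) for s in directives[name])
```

Placing the wss:// source in connect-src rather than default-src limits the added allowance to connection-type fetches (XHR, fetch, WebSocket, EventSource) instead of every resource type that falls back to default-src.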

Anthony_E
Community Manager

Hello Mostafa,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Anthony-Fortinet Community Team.
Jean-Philippe_P
Moderator

Hello,

 

We are still looking for an answer to your question.

 

We will come back to you ASAP.

 

Thanks,

Jean-Philippe - Fortinet Community Team
Anthony_E
Community Manager

Hello Mostafa,

 

Could we please invite you to open a ticket with our TAC team: https://support.fortinet.com/welcome/

 

They will help you.

 

Regards,

 

 

Anthony-Fortinet Community Team.
JohnRiver
New Contributor II

Great question. Do you guys have an answer from support?

JohnRiver
New Contributor II

Do you have an answer from the support team?

JohnRiver
New Contributor II

You should be able to add the custom value in the CLI; that resolved the same issue reported here.
