From ccde442de86f2bd782505f8bfdf9c6a13c5466fc Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Mon, 19 Aug 2019 10:23:04 +0300 Subject: [PATCH 1/3] add note about CSP https://github.com/MicrosoftDocs/windows-itpro-docs/issues/4529 --- .../mdm/federated-authentication-device-enrollment.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/client-management/mdm/federated-authentication-device-enrollment.md b/windows/client-management/mdm/federated-authentication-device-enrollment.md index dff91fd372..1a6424530a 100644 --- a/windows/client-management/mdm/federated-authentication-device-enrollment.md +++ b/windows/client-management/mdm/federated-authentication-device-enrollment.md @@ -167,6 +167,9 @@ AuthenticationServiceUrl?appru=&login_hint= After authentication is complete, the auth server should return an HTML form document with a POST method action of appid identified in the query string parameter. +> [!NOTE] +> To make an application compatible with strict CSP (Content Security Policy) it is usually necessary to make some changes to HTML templates and client-side code, add the policy header, and test that everything works properly once the policy is deployed. + ``` HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 From 44148210f7060513ff2074823e8f6dc95497054b Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Mon, 19 Aug 2019 12:32:28 +0300 Subject: [PATCH 2/3] Update windows/client-management/mdm/federated-authentication-device-enrollment.md as advised Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../mdm/federated-authentication-device-enrollment.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/federated-authentication-device-enrollment.md b/windows/client-management/mdm/federated-authentication-device-enrollment.md index 1a6424530a..ce3c176232 100644 --- a/windows/client-management/mdm/federated-authentication-device-enrollment.md +++ b/windows/client-management/mdm/federated-authentication-device-enrollment.md @@ -168,7 +168,7 @@ AuthenticationServiceUrl?appru=&login_hint= After authentication is complete, the auth server should return an HTML form document with a POST method action of appid identified in the query string parameter. > [!NOTE] -> To make an application compatible with strict CSP (Content Security Policy) it is usually necessary to make some changes to HTML templates and client-side code, add the policy header, and test that everything works properly once the policy is deployed. +> To make an application compatible with strict CSP (Content Security Policy), it is usually necessary to make some changes to HTML templates and client-side code, add the policy header, and test that everything works properly once the policy is deployed. ``` HTTP/1.1 200 OK From 84df833b3d86e0254dba55ee31fe76cb0a1e81b6 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Mon, 19 Aug 2019 12:54:56 +0300 Subject: [PATCH 3/3] removed CSP to not create confusion as requested by Manika --- .../mdm/federated-authentication-device-enrollment.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/federated-authentication-device-enrollment.md b/windows/client-management/mdm/federated-authentication-device-enrollment.md index ce3c176232..12af80dacf 100644 --- a/windows/client-management/mdm/federated-authentication-device-enrollment.md +++ b/windows/client-management/mdm/federated-authentication-device-enrollment.md @@ -168,7 +168,7 @@ AuthenticationServiceUrl?appru=&login_hint= After authentication is complete, the auth server should return an HTML form document with a POST method action of appid identified in the query string parameter. > [!NOTE] -> To make an application compatible with strict CSP (Content Security Policy), it is usually necessary to make some changes to HTML templates and client-side code, add the policy header, and test that everything works properly once the policy is deployed. +> To make an application compatible with strict Content Security Policy, it is usually necessary to make some changes to HTML templates and client-side code, add the policy header, and test that everything works properly once the policy is deployed. ``` HTTP/1.1 200 OK