Feature Request

Description: Currently, Document360 KB sites inject the Content Security Policy (CSP) using a <meta> tag in the HTML <head>. This approach: Is not detected by automated security scanning tools (which check HTTP response headers). Lacks support for certain directives (frame-ancestors, sandbox). Is less effective against some XSS scenarios compared to HTTP header–based enforcement. Additionally, the X-Content-Type-Options: nosniff header is missing, leading to security scan failures. This header is not implemented due to MIME type concerns when customers upload files without proper content types. Requested Scope: Implement CSP as an HTTP response header with safe default directives. Add X-Content-Type-Options: nosniff header (with file content type validation). Include CSP directives requested by customers: form-action — restrict form submission destinations. default-src — define fallback sources for all resource types. report-uri / report-to — log CSP violations without enforcement. Review script-src, style-src, frame-src, and worker-src for potential removal of unsafe-inline and unsafe-eval. Benefits: Passes industry-standard compliance scans (e.g., securityheaders.com ). Meets customer security requirements without backend intervention.

It would be good if new categories which are added to the knowledge base portal are added to the Reader Group(s)( content access) automatically. With this, we can make sure that all the contents are visible to the readers and we can save a lot of time.

I would love to see multi-factor authentication using either Google or Microsoft authenticator.

There should be a provision to restrict users from exporting or downloading specific articles on the knowledge base.

I want to be able to have locked content be visible on our site but not show any details of the article, just the title. If the article is clicked on, it should display a "request access" menu where users can type out a short message of why they need access. I want to then be able to review these requests and determine whether to grant or deny access to the document. This menu should require users to be logged in, that way we can verify their email address.

We need the option to automatically synchronize certificate data from the metadata URL whenever changes occur on the IDP. Our system experienced a critical outage due to an expired certificate that was not automatically refreshed on the Doc360 side

This request was raised on behalf of Jon Currently, when we choose to switch to different IdP with SSO configuration, we have to manually remove the SSO users and then reconfigure the new SSO and add the users back as SSO users. It would be better if we have an option to change the IdP from the SSO settings itself so that we don't have to manually remove and then add the users. Thank you.

There any many customers who have similar products related to each other and they want these products to be documented as part of the same KB. Thus clients are expecting to use multiple JWT tokens. Kindly facilitate this

Instead of having to create Groups manually in Document360, SCIM should be used to synchronise Azure Groups to Document 360, allowing for easier membership adminsitration.

Redirect users with no access to an article to a replicated version of said article that they do have access to vs. showing the 404 error page.