Details

    • Type: Improvement
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: framework
    • Labels:
      None

      Description

      At OFBIZ-6766 I have added a Content Security Policy

      To not block anything for the moment I have committed an only report policy using the Content-Security-Policy-Report-Only header.

      The idea is that we can look at the issues using browsers tools.
      The next step is to report the errors (when there will not be too much) in the log using a report-uri
      And ultimately to use OOTB the most simple and constraining policy, with exceptions of course (as ever).
      If we encounter performance issues, or other disagrements, we can even we can comment out the current Content-Security-Policy-Report-Only

      Sincerely I think it will be let as is and we will let users decide on their own CSP... So the report only mode is just a reminder for them...

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                jacques.le.roux Jacques Le Roux
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated: