Struts 2 / WW-5400

CSP interceptor only allows very limited configuration

Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 6.3.0
    • Fix Version/s: 6.6.0
    • Component/s: Core Interceptors
    • Labels: None

    Description

      I have been trying to implement CSP on our website. The CSP interceptor provides an elegant solution with the <s:script> and <s:link> tags. However, I want to set my own base-uri. And perhaps make some other changes to the CSP headers.

      But these values are not accessible. Only the report-only and report-uri can be changed. Even if one is willing to work at the Action level and implement a new interface for all of them, I can't change the base-uri. I've seen people on Stack Overflow disable it for this reason. I want to use it, but could someone please explain how to set the base-uri globally? If not, I will likely have to make my own.

      P.S. I will update the documentation page. Nowhere in the description of the interceptor does it mention the script and link tags, and without those, it is useless!

          People

            Assignee: Lukasz Lenart (lukaszlenart)
            Reporter: Erica Kane (ekane)
            Votes: 0
            Watchers: 2

              Time Tracking

                Original Estimate: Not Specified
                Remaining Estimate: 0h
                Time Spent: 4h 40m