Posted to commits@ofbiz.apache.org by jl...@apache.org on 2016/01/04 18:42:38 UTC
svn commit: r1722927 - in /ofbiz/site/dtds: entity-eca.xsd site-conf.xsd
Author: jleroux
Date: Mon Jan 4 17:42:38 2016
New Revision: 1722927
URL: http://svn.apache.org/viewvc?rev=1722927&view=rev
Log:
Updates dtds
Modified:
ofbiz/site/dtds/entity-eca.xsd
ofbiz/site/dtds/site-conf.xsd
Modified: ofbiz/site/dtds/entity-eca.xsd
URL: http://svn.apache.org/viewvc/ofbiz/site/dtds/entity-eca.xsd?rev=1722927&r1=1722926&r2=1722927&view=diff
==============================================================================
--- ofbiz/site/dtds/entity-eca.xsd (original)
+++ ofbiz/site/dtds/entity-eca.xsd Mon Jan 4 17:42:38 2016
@@ -246,12 +246,3 @@ under the License.
</xs:attribute>
</xs:attributeGroup>
</xs:schema>
-<!--
- <entity-eca>
- <eca entity="Product" operation="create" event="return">
- <condition field-name="foo" operator="equals" rhs="1"/>
- <action service="testScv" mode="sync"/>
- <action service="testScv2" mode="sync"/>
- </eca>
- </entity-eca>
--->
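Review bot: The comment block removed after </xs:schema> was a usage sample for <entity-eca> (eca with entity, operation and event, plus condition and action children), and the log message "Updates dtds" does not say why it is dropped. If the sample is stale, record that in the log; if it is still valid, consider moving it into an xs:documentation annotation so it stays with the schema instead of being lost.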
Modified: ofbiz/site/dtds/site-conf.xsd
URL: http://svn.apache.org/viewvc/ofbiz/site/dtds/site-conf.xsd?rev=1722927&r1=1722926&r2=1722927&view=diff
==============================================================================
--- ofbiz/site/dtds/site-conf.xsd (original)
+++ ofbiz/site/dtds/site-conf.xsd Mon Jan 4 17:42:38 2016
@@ -774,5 +774,38 @@ under the License.
</xs:restriction>
</xs:simpleType>
</xs:attribute>
+ <xs:attribute name="x-frame-option" default="sameorigin">
+ <xs:annotation>
+ <xs:documentation>
+ Provides clickjacking protection by instructing browsers that this page should not be placed within a frame.
+ Possible values are:
+ deny - no rendering within a frame,
+ sameorigin - no rendering if origin mismatch, and
+ allow-from: - allow rendering if framing page is within the specified URI domain.
+ Allow from is supported by IE and Firefox, but not Chrome or Safari.
+ It will also interfere with In Page Google Analytics since it requires your page to be framed by Google.
+ </xs:documentation>
+ </xs:annotation>
+ <xs:simpleType>
+ <xs:restriction base="xs:token">
+ <xs:enumeration value="deny"/>
+ <xs:enumeration value="sameorigin"/>
+ <xs:enumeration value="allow-from"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:attribute>
+ <xs:attribute type="xs:string" name="strict-transport-security">
+ <xs:annotation>
+ <xs:documentation>
+ HTTP Strict-Transport-Security (HSTS) enforces secure (HTTP over SSL/TLS) connections to the server.
+ This reduces impact of bugs in web applications leaking session data through cookies and external links and defends against Man-in-the-middle attacks.
+ HSTS also disables the ability for users to ignore SSL negotiation warnings.
+ If the security of the connection cannot be ensured (e.g. the server's TLS certificate is not trusted),
+ it shows an error message and do not allow the user to access the web application.
+ As recommended by OWASP, by default "max-age=31536000; includeSubDomains" is used except if the server is localhost or 127.0.0.1.
+ If the strict-transport-security is "none" then it will not be used.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
</xs:attributeGroup>
</xs:schema>
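Review bot: In the x-frame-option attribute, the enumeration accepts a bare "allow-from" while the documentation describes "allow-from:" followed by a URI, so the schema gives no place to supply the permitted origin and a configuration that validates can still not express a usable value. Either drop <xs:enumeration value="allow-from"/> or document where the URI is supplied; since the annotation already says Chrome and Safari do not support it, it is worth stating there that those browsers ignore the value, which leaves the page without framing protection. Separately, strict-transport-security is declared as a free-form xs:string with no default attribute, although its documentation names a default of "max-age=31536000; includeSubDomains" and a special value "none": a mistyped value passes validation, and the stated default has to come from the consuming code, so say that in the annotation. In the same annotation, "do not allow" should read "does not allow".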