You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@ofbiz.apache.org by "Jacques Le Roux (JIRA)" <ji...@apache.org> on 2018/05/27 07:29:00 UTC

[jira] [Created] (OFBIZ-10417) Create a Content Security Policy

Jacques Le Roux created OFBIZ-10417:
---------------------------------------

             Summary: Create a Content Security Policy
                 Key: OFBIZ-10417
                 URL: https://issues.apache.org/jira/browse/OFBIZ-10417
             Project: OFBiz
          Issue Type: Improvement
          Components: framework
            Reporter: Jacques Le Roux


At OFBIZ-6766 I have added a Content Security Policy

To not block anything for the moment I have committed an only report policy using the Content-Security-Policy-Report-Only header.

The idea is that we can look at the issues using browsers tools.
The next step is to report the errors (when there will not be too much) in the log using a report-uri
And ultimately to use OOTB the most simple and constraining policy, with exceptions of course (as ever).
If we encounter performance issues, or other disagrements, we can even  we can comment out the current Content-Security-Policy-Report-Only 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)