You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@allura.apache.org by Dave Brondsema <da...@brondsema.net> on 2022/10/14 14:54:33 UTC

[allura:tickets] #8470 Add CSP Headers

- **status**: review --> closed
- **Reviewer**: Dave Brondsema



---

** [tickets:#8470] Add CSP Headers**

**Status:** closed
**Milestone:** unreleased
**Created:** Tue Sep 27, 2022 03:13 PM UTC by Guillermo Cruz
**Last Updated:** Wed Sep 28, 2022 06:27 PM UTC
**Owner:** Guillermo Cruz


There's a couple of Content Security Policy headers we can add as an extra layer of security. Some of these header are `obj-src`, `upgrade-insecure-request`, `frame-ancestors` and `form-action`. 

`frame-ancestors` and `form-action` can be configurable


---

Sent from forge-allura.apache.org because dev@allura.apache.org is subscribed to https://forge-allura.apache.org/p/allura/tickets/

To unsubscribe from further messages, a project admin can change settings at https://forge-allura.apache.org/p/allura/admin/tickets/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.