Posted to commits@myfaces.apache.org by lo...@apache.org on 2016/06/29 17:16:45 UTC

svn commit: r1750679 - /myfaces/tobago/trunk/tobago-example/tobago-example-demo/src/main/webapp/WEB-INF/tobago-config.xml

Author: lofwyr
Date: Wed Jun 29 17:16:45 2016
New Revision: 1750679

URL: http://svn.apache.org/viewvc?rev=1750679&view=rev
Log:
TOBAGO-1534

Modified:
    myfaces/tobago/trunk/tobago-example/tobago-example-demo/src/main/webapp/WEB-INF/tobago-config.xml

Modified: myfaces/tobago/trunk/tobago-example/tobago-example-demo/src/main/webapp/WEB-INF/tobago-config.xml
URL: http://svn.apache.org/viewvc/myfaces/tobago/trunk/tobago-example/tobago-example-demo/src/main/webapp/WEB-INF/tobago-config.xml?rev=1750679&r1=1750678&r2=1750679&view=diff
==============================================================================
--- myfaces/tobago/trunk/tobago-example/tobago-example-demo/src/main/webapp/WEB-INF/tobago-config.xml (original)
+++ myfaces/tobago/trunk/tobago-example/tobago-example-demo/src/main/webapp/WEB-INF/tobago-config.xml Wed Jun 29 17:16:45 2016
@@ -44,8 +44,9 @@
   <!-- This is needed for the testing functionality of the demo, it works with iframes -->
   <prevent-frame-attacks>false</prevent-frame-attacks>
 
-  <!-- XXX With CSP Tobago 3.0.x is currently not working 100% see TOBAGO-1534 -->
-  <content-security-policy mode="report-only">
+  <content-security-policy mode="on">
+    <!-- XXX With CSP Tobago 3.0.x is currently not working 100% see TOBAGO-1534, because of JSF-AJAX -->
+    <directive>script-src 'self' 'unsafe-eval'</directive>
     <directive>frame-src https://maps.google.com</directive>
   </content-security-policy>
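Review bot: The added `script-src 'self' 'unsafe-eval'` directive allows string-to-code evaluation in every same-origin script, so switching `mode` from `report-only` to `on` enforces a policy that still leaves much of the script-injection surface open. The XXX comment names JSF-AJAX as the cause but does not say that the relaxation is temporary or limited to the demo. I would reword it to something like `<!-- XXX 'unsafe-eval' is a temporary workaround for JSF-AJAX, see TOBAGO-1534; remove once fixed and do not copy into production configs -->`. Only `script-src` and `frame-src` are listed in the visible lines, so unless Tobago adds defaults of its own, other resource types are presumably unrestricted; it is worth confirming whether that is intended now that the policy is enforced. The surrounding config element starts and ends outside the hunk.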