You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@myfaces.apache.org by lo...@apache.org on 2016/06/29 17:16:45 UTC
svn commit: r1750679 -
/myfaces/tobago/trunk/tobago-example/tobago-example-demo/src/main/webapp/WEB-INF/tobago-config.xml
Author: lofwyr
Date: Wed Jun 29 17:16:45 2016
New Revision: 1750679
URL: http://svn.apache.org/viewvc?rev=1750679&view=rev
Log:
TOBAGO-1534
Modified:
myfaces/tobago/trunk/tobago-example/tobago-example-demo/src/main/webapp/WEB-INF/tobago-config.xml
Modified: myfaces/tobago/trunk/tobago-example/tobago-example-demo/src/main/webapp/WEB-INF/tobago-config.xml
URL: http://svn.apache.org/viewvc/myfaces/tobago/trunk/tobago-example/tobago-example-demo/src/main/webapp/WEB-INF/tobago-config.xml?rev=1750679&r1=1750678&r2=1750679&view=diff
==============================================================================
--- myfaces/tobago/trunk/tobago-example/tobago-example-demo/src/main/webapp/WEB-INF/tobago-config.xml (original)
+++ myfaces/tobago/trunk/tobago-example/tobago-example-demo/src/main/webapp/WEB-INF/tobago-config.xml Wed Jun 29 17:16:45 2016
@@ -44,8 +44,9 @@
<!-- This is needed for the testing functionality of the demo, it works with iframes -->
<prevent-frame-attacks>false</prevent-frame-attacks>
- <!-- XXX With CSP Tobago 3.0.x is currently not working 100% see TOBAGO-1534 -->
- <content-security-policy mode="report-only">
+ <content-security-policy mode="on">
+ <!-- XXX With CSP Tobago 3.0.x is currently not working 100% see TOBAGO-1534, because of JSF-AJAX -->
+ <directive>script-src 'self' 'unsafe-eval'</directive>
<directive>frame-src https://maps.google.com</directive>
</content-security-policy>