[
https://issues.apache.org/jira/browse/OFBIZ-10417?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16498350#comment-16498350 ]
Jacques Le Roux commented on OFBIZ-10417:
-----------------------------------------
How could a report only policy prevents the ecommerce to work? Moreover this report only CSP is in place for 6 months already and nobody else complained
So please be more specific, add details and URLs from the official demos that don't work, thanks.
If you have specific problems with your own implementation it can't considered as it's not an OOTB (Out Of The Box) issue.
> Create a Content Security Policy
> --------------------------------
>
> Key: OFBIZ-10417
> URL:
https://issues.apache.org/jira/browse/OFBIZ-10417> Project: OFBiz
> Issue Type: Improvement
> Components: framework
> Reporter: Jacques Le Roux
> Priority: Minor
>
> At OFBIZ-6766 I have added a Content Security Policy
> To not block anything for the moment I have committed an only report policy using the Content-Security-Policy-Report-Only header.
> The idea is that we can look at the issues using browsers tools.
> The next step is to report the errors (when there will not be too much) in the log using a report-uri
> And ultimately to use OOTB the most simple and constraining policy, with exceptions of course (as ever).
> If we encounter performance issues, or other disagrements, we can even we can comment out the current Content-Security-Policy-Report-Only
> Sincerely I think it will be let as is and we will let users decide on their own CSP... So the report only mode is just a reminder for them...
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
Locked
