OFBiz OFBiz - Notifications

[jira] [Commented] (OFBIZ-6766) Secure HTTP headers

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Nicolas Malin (Jira)
Reply | Threaded
Open this post in threaded view
|

[jira] [Commented] (OFBIZ-6766) Secure HTTP headers

Nicolas Malin (Jira)

    [ https://issues.apache.org/jira/browse/OFBIZ-6766?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16212344#comment-16212344 ]

Jacques Le Roux commented on OFBIZ-6766:
----------------------------------------

At r1812720 I have added a Content Security Policy

To not block anything for the moment I have committed a simple most restrictive Content-Security-Policy-Report-Only header

Then we can look at the issues using browsers tools (there are so much)
The next step is to report the errors (when there will not be too much) in the log using a report-uri
And ultimately to use OOTB the most simple and constraining policy, with exceptions of course (as ever).
If we encounter performance issue we can comment out the current Content-Security-Policy-Report-Only



> Secure HTTP headers
> -------------------
>
>                 Key: OFBIZ-6766
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-6766
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: framework
>    Affects Versions: Trunk
>            Reporter: Jacques Le Roux
>            Assignee: Jacques Le Roux
>             Fix For: Upcoming Release
>
>
> I have created a wiki page for this https://cwiki.apache.org/confluence/display/OFBIZ/How+to+Secure+HTTP+Headers



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
Free forum by Nabble Edit this page