[jira] [Updated] (OFBIZ-10417) Create a Content Security Policy


Nicolas Malin (Jira)

     [ https://issues.apache.org/jira/browse/OFBIZ-10417?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jacques Le Roux updated OFBIZ-10417:
------------------------------------
    Description:
At OFBIZ-6766 I have added a Content Security Policy.

To not block anything for the moment I have committed a report-only policy using the Content-Security-Policy-Report-Only header.

The idea is that we can look at the issues using browser tools.
The next step is to report the errors (when there are not too many) in the log using a report-uri.
And ultimately to use OOTB the most simple and constraining policy, with exceptions of course (as ever).
If we encounter performance issues, or other disagreements, we can even comment out the current Content-Security-Policy-Report-Only.

Sincerely I think it will be left as is and we will let users decide on their own CSP... So the report-only mode is just a reminder for them...

  was:
At OFBIZ-6766 I have added a Content Security Policy.

To not block anything for the moment I have committed a report-only policy using the Content-Security-Policy-Report-Only header.

The idea is that we can look at the issues using browser tools.
The next step is to report the errors (when there are not too many) in the log using a report-uri.
And ultimately to use OOTB the most simple and constraining policy, with exceptions of course (as ever).
If we encounter performance issues, or other disagreements, we can even comment out the current Content-Security-Policy-Report-Only.

Sincerely I think it will be left as is and we will let users decide on their own CSP... So the report only is just a reminder...


> Create a Content Security Policy
> --------------------------------
>
>                 Key: OFBIZ-10417
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-10417
>             Project: OFBiz
>          Issue Type: Improvement
>          Components: framework
>            Reporter: Jacques Le Roux
>            Priority: Minor
>
> At OFBIZ-6766 I have added a Content Security Policy.
> To not block anything for the moment I have committed a report-only policy using the Content-Security-Policy-Report-Only header.
> The idea is that we can look at the issues using browser tools.
> The next step is to report the errors (when there are not too many) in the log using a report-uri.
> And ultimately to use OOTB the most simple and constraining policy, with exceptions of course (as ever).
> If we encounter performance issues, or other disagreements, we can even comment out the current Content-Security-Policy-Report-Only.
> Sincerely I think it will be left as is and we will let users decide on their own CSP... So the report-only mode is just a reminder for them...



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
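The report-uri logging step described in the issue, sketched as an added example (not code from the issue or from OFBiz): it triages the `csp-report` JSON bodies browsers POST to a report-uri, treating them as untrusted input before they reach a log, and counts violations per directive and source so exceptions can be chosen before enforcing. The function names, the `MAX_BODY` cap and the sample hosts are assumptions.

```python
import json
from collections import Counter
from urllib.parse import urlsplit

MAX_BODY = 8192  # assumed size cap: the report endpoint accepts unauthenticated input

def _clean(value, limit=200):
    """Strip non-printable characters (log-injection guard) and truncate."""
    return "".join(ch for ch in str(value) if ch.isprintable())[:limit]

def _source(blocked):
    """Reduce a blocked-uri to its origin; keep keywords such as 'inline' or 'eval'."""
    parts = urlsplit(blocked)
    if parts.scheme in ("http", "https") and parts.netloc:
        return f"{parts.scheme}://{parts.netloc}"
    return blocked or "(empty)"

def parse_report(body):
    """Return (directive, source) for one report body, or None if it is unusable."""
    if len(body) > MAX_BODY:
        return None
    try:
        report = json.loads(body)["csp-report"]
        directive = report.get("effective-directive") or report["violated-directive"]
        if not isinstance(directive, str):
            return None
        source = _source(str(report.get("blocked-uri", "")))
    except (ValueError, KeyError, TypeError, AttributeError):
        return None
    # Older browsers send the whole directive text; keep only its name.
    return _clean(directive).split(" ")[0], _clean(source)

def summarize(bodies):
    """Count violations per (directive, source), most frequent first."""
    counts = Counter(filter(None, map(parse_report, bodies)))
    return counts.most_common()

# Constructed sample report bodies (hosts are placeholders, not from the issue).
SAMPLE = [
    '{"csp-report": {"document-uri": "https://shop.example/a", "violated-directive": "script-src \'self\'", "blocked-uri": "inline"}}',
    '{"csp-report": {"document-uri": "https://shop.example/b", "effective-directive": "script-src", "blocked-uri": "inline"}}',
    '{"csp-report": {"document-uri": "https://shop.example/a", "effective-directive": "img-src", "blocked-uri": "https://cdn.example/img/a.png"}}',
    '{"csp-report": {"effective-directive": "script-src", "blocked-uri": "eval\\n2024 ERROR forged entry"}}',
    'not json at all',
]

if __name__ == "__main__":
    for (directive, source), n in summarize(SAMPLE):
        print(f"{n:4d}  {directive:12s} {source}")
```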