Details
- Feature
- Status: Released
- Minor
- Resolution: Fixed
- 2.0.0
- None
Description
Current Situation
- The security header value for Content-Security-Policy configured with jetty/etc/jetty-rewrite.xml includes:
script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'
Desired Behavior
- The security header value for Content-Security-Policy should include:
script-src 'self' data: blob:; style-src 'self' 'unsafe-inline'; frame-src 'self'; frame-ancestors 'self'
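An added example, not code from this project: a small Python check that parses the two header values quoted above and reports which script-src and framing findings the change resolves. The rule set in RISKY_SCRIPT_SOURCES and the function names are assumptions made for this example.

```python
# Added example: audit the two header values quoted in this ticket.
CURRENT = ("script-src 'self' 'unsafe-inline' 'unsafe-eval'; "
           "style-src 'self' 'unsafe-inline'")
DESIRED = ("script-src 'self' data: blob:; style-src 'self' 'unsafe-inline'; "
           "frame-src 'self'; frame-ancestors 'self'")

# Assumed rule set for this example: sources that weaken script-src.
RISKY_SCRIPT_SOURCES = {
    "'unsafe-inline'": "inline scripts and event handlers are allowed",
    "'unsafe-eval'": "eval() and other string-to-code APIs are allowed",
    "data:": "scripts may be loaded from data: URIs",
    "*": "scripts may be loaded from any origin",
}


def parse_csp(value):
    """Return {directive: [sources]}; a repeated directive is ignored (first wins)."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def audit(value):
    """Return a sorted list of findings for one header value."""
    policy = parse_csp(value)
    findings = []
    # script-src falls back to default-src; frame-ancestors has no fallback.
    script = policy.get("script-src", policy.get("default-src"))
    if script is None:
        findings.append("script-src: not set, script loading is unrestricted")
    else:
        for src in script:
            reason = RISKY_SCRIPT_SOURCES.get(src.lower())
            if reason:
                findings.append(f"script-src {src} -> {reason}")
    if "frame-ancestors" not in policy:
        findings.append("frame-ancestors: not set, framing is not restricted by CSP")
    return sorted(findings)


def resolved(before, after):
    """Findings raised for `before` that `after` no longer triggers."""
    return sorted(set(audit(before)) - set(audit(after)))


if __name__ == "__main__":
    for label, value in (("current", CURRENT), ("desired", DESIRED)):
        print(label, audit(value))
    print("resolved", resolved(CURRENT, DESIRED))
```

The same audit() call can be pointed at the header value captured from a deployed instance to confirm the rewrite rule is serving the intended policy.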
Issue Links
- is related to SET-202 Jetty is configured with security-related HTTP response headers (Released)