SET - Setups / SET-204

Update security header for Content-Security-Policy

Details

    • Feature
    • Status: Released
    • Minor
    • Resolution: Fixed
    • 2.0.0
    • 2.1.1
    • None

    Description

      Current Situation

      • The security header value for Content-Security-Policy configured with jetty/etc/jetty-rewrite.xml includes:
        script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'
        

      Desired Behavior

      • The security header value for Content-Security-Policy should include:
        script-src 'self' data: blob:; style-src 'self' 'unsafe-inline'; frame-src 'self'; frame-ancestors 'self'
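
As an added example (not part of the ticket or the project's code), the following Python parses the two header values quoted above, reports which source expressions the change adds and removes per directive, and checks an observed header value against the desired one. All function and constant names are hypothetical.

```python
# Added example: compare the two Content-Security-Policy values quoted in this ticket.
CURRENT = "script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'"
DESIRED = ("script-src 'self' data: blob:; style-src 'self' 'unsafe-inline'; "
           "frame-src 'self'; frame-ancestors 'self'")
UNSAFE = {"'unsafe-inline'", "'unsafe-eval'"}


def parse_csp(header):
    """Return {directive: [source expressions]} for one header value."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if not tokens:
            continue
        name = tokens[0].lower()  # directive names are case-insensitive
        if name not in policy:    # a repeated directive is ignored; the first one wins
            policy[name] = tokens[1:]
    return policy


def unsafe_keywords(policy):
    """Return {directive: unsafe keywords} for directives that still carry any."""
    found = {}
    for name, sources in policy.items():
        hits = sorted(s for s in sources if s.lower() in UNSAFE)
        if hits:
            found[name] = hits
    return found


def diff_policies(old, new):
    """Return {directive: (added, removed)} for every directive whose sources changed."""
    changes = {}
    for name in sorted(set(old) | set(new)):
        before, after = set(old.get(name, [])), set(new.get(name, []))
        if before != after:  # source order is irrelevant, so compare as sets
            changes[name] = (sorted(after - before), sorted(before - after))
    return changes


def check_header(observed, expected=DESIRED):
    """True if the observed header value matches the expected policy per directive."""
    return not diff_policies(parse_csp(expected), parse_csp(observed))


if __name__ == "__main__":
    old, new = parse_csp(CURRENT), parse_csp(DESIRED)
    for name, (added, removed) in diff_policies(old, new).items():
        print(f"{name}: added {added}, removed {removed}")
    print("unsafe keywords remaining:", unsafe_keywords(new))
```

After deploying the updated jetty-rewrite.xml, pass the Content-Security-Policy value returned by the server to check_header() to confirm the rule took effect.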
        

            People

              Oliver Haufe
              Andreas Püschel