couchdb-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From robertkowal...@apache.org
Subject couchdb commit: updated refs/heads/master to dbd38a1
Date Fri, 28 Nov 2014 21:01:08 GMT
Repository: couchdb
Updated Branches:
  refs/heads/master b9ac495dd -> dbd38a1b9


Enable CSP support for /_utils per default

With Futon getting removed in 2.x, which had too much inline-
JavaScript etc., is not used any more. Fauxton is able to work
with our default CSP settings.


Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/dbd38a1b
Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/dbd38a1b
Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/dbd38a1b

Branch: refs/heads/master
Commit: dbd38a1b948bc83e8228d1fd4618a3cfbfdfdd9e
Parents: b9ac495
Author: Robert Kowalski <rok@kowalski.gd>
Authored: Sat Sep 6 20:49:12 2014 +0200
Committer: Robert Kowalski <rok@kowalski.gd>
Committed: Fri Nov 28 21:57:27 2014 +0100

----------------------------------------------------------------------
 rel/overlay/etc/default.ini | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/couchdb/blob/dbd38a1b/rel/overlay/etc/default.ini
----------------------------------------------------------------------
diff --git a/rel/overlay/etc/default.ini b/rel/overlay/etc/default.ini
index 73121d4..76508aa 100644
--- a/rel/overlay/etc/default.ini
+++ b/rel/overlay/etc/default.ini
@@ -80,9 +80,9 @@ iterations = 10 ; iterations for password hashing
 ; comma-separated list of public fields, 404 if empty
 ; public_fields =
 
-; Experimental CSP (Content Security Policy) Support for _utils
+; CSP (Content Security Policy) Support for _utils
 [csp]
-enable = false
+enable = true
 ; header_value = default-src 'self'; img-src 'self'; font-src *; script-src 'self' 'unsafe-eval';
style-src 'self' 'unsafe-inline';
 
 [cors]


Mime
View raw message