myfaces-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hudson (JIRA)" <...@myfaces.apache.org>
Subject [jira] [Commented] (TOBAGO-1791) There should be a "nonce" for each request to protect CSS and JavaScript with CSP
Date Wed, 30 Aug 2017 15:51:02 GMT

    [ https://issues.apache.org/jira/browse/TOBAGO-1791?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16147488#comment-16147488
] 

Hudson commented on TOBAGO-1791:
--------------------------------

SUCCESS: Integrated in Jenkins build Tobago Trunk #995 (See [https://builds.apache.org/job/Tobago%20Trunk/995/])
TOBAGO-1790: CSP definition must be appendable 
TOBAGO-1791: There should be a "nonce" for each request to protect CSS and JavaScript with
CSP
TOBAGO-1792: CSP: using CSP Level 2 syntax (lofwyr: [http://svn.apache.org/viewvc/?view=rev&rev=1806697])
* (edit) tobago-trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/ContentSecurityPolicy.java
* (edit) tobago-trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigParser.java
* (edit) tobago-trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/util/ResponseUtils.java
* (add) tobago-trunk/tobago-core/src/main/resources/META-INF/tobago-config.xml
* (edit) tobago-trunk/tobago-core/src/main/resources/org/apache/myfaces/tobago/config/tobago-config-4.0.xsd
* (edit) tobago-trunk/tobago-core/src/test/java/org/apache/myfaces/tobago/internal/config/TobagoConfigMergingUnitTest.java
* (edit) tobago-trunk/tobago-core/src/test/java/org/apache/myfaces/tobago/internal/config/TobagoConfigParserUnitTest.java
* (edit) tobago-trunk/tobago-core/src/test/resources/tobago-config-2.0.xml
* (edit) tobago-trunk/tobago-core/src/test/resources/tobago-config-4.0.xml
* (add) tobago-trunk/tobago-core/src/test/resources/tobago-config-merge-3.xml
* (edit) tobago-trunk/tobago-core/src/test/resources/tobago-config-untidy-2.0.xml
* (edit) tobago-trunk/tobago-example/tobago-example-demo/src/main/webapp/WEB-INF/tobago-config.xml
* (edit) tobago-trunk/tobago-example/tobago-example-demo/src/main/webapp/content/20-component/020-output/60-object/object.xhtml
* (edit) tobago-trunk/tobago-theme/tobago-theme-standard/src/main/resources/META-INF/tobago-config.xml


> There should be a "nonce" for each request to protect CSS and JavaScript with CSP
> ---------------------------------------------------------------------------------
>
>                 Key: TOBAGO-1791
>                 URL: https://issues.apache.org/jira/browse/TOBAGO-1791
>             Project: MyFaces Tobago
>          Issue Type: New Feature
>          Components: Core
>            Reporter: Udo Schnurpfeil
>            Assignee: Udo Schnurpfeil
>            Priority: Minor
>
> The "nonce" should also be usable inside the tobago-config.xml -> directive



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message