myfaces-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hudson (JIRA)" <...@myfaces.apache.org>
Subject [jira] [Commented] (TOBAGO-1791) There should be a "nonce" for each request to protect CSS with CSP
Date Wed, 20 Sep 2017 09:50:00 GMT

    [ https://issues.apache.org/jira/browse/TOBAGO-1791?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16172962#comment-16172962
] 

Hudson commented on TOBAGO-1791:
--------------------------------

SUCCESS: Integrated in Jenkins build Tobago Trunk #1036 (See [https://builds.apache.org/job/Tobago%20Trunk/1036/])
TOBAGO-1791: There should be a "nonce" for each request to protect CSS (lofwyr: rev 3657a5e613961e04a6bc2c9cd0755a403cea0fac)
* (edit) tobago-core/src/main/java/org/apache/myfaces/tobago/internal/renderkit/renderer/StyleRenderer.java
* (edit) tobago-core/src/main/java/org/apache/myfaces/tobago/internal/renderkit/renderer/ScriptRenderer.java
* (edit) tobago-core/src/main/resources/META-INF/tobago-config.xml


> There should be a "nonce" for each request to protect CSS with CSP
> ------------------------------------------------------------------
>
>                 Key: TOBAGO-1791
>                 URL: https://issues.apache.org/jira/browse/TOBAGO-1791
>             Project: MyFaces Tobago
>          Issue Type: New Feature
>          Components: Core
>            Reporter: Udo Schnurpfeil
>            Assignee: Udo Schnurpfeil
>            Priority: Minor
>             Fix For: 4.0.0
>
>
> The "nonce" allowes inline styling, so we don't need the data-tobago-style attribute.
> The "nonce" should also be usable inside the tobago-config.xml -> directive



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message