ofbiz-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jacques Le Roux (JIRA)" <j...@apache.org>
Subject [jira] [Closed] (OFBIZ-6759) Improves HTTP header
Date Wed, 18 Oct 2017 15:12:00 GMT

     [ https://issues.apache.org/jira/browse/OFBIZ-6759?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Jacques Le Roux closed OFBIZ-6759.
       Resolution: Duplicate
    Fix Version/s: Upcoming Release

I just checked with securityheaders.io and it's already OK (done by the Request Handler at
OFBIZ-6766): https://s.apache.org/pMx5

> Improves HTTP header
> --------------------
>                 Key: OFBIZ-6759
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-6759
>             Project: OFBiz
>          Issue Type: Improvement
>          Components: framework, themes
>    Affects Versions: Trunk
>            Reporter: Jacques Le Roux
>            Assignee: Jacques Le Roux
>            Priority: Minor
>             Fix For: Upcoming Release
> After looking at https://cyh.herokuapp.com/cyh and https://www.owasp.org/index.php/List_of_useful_HTTP_headers
and checking what we currently use as/in HTTP header fields in themes and other places I think
it's time to update the header.
> The idea is to create a new header FTL template in framework/image and to include it
"where needed" and possibly refactor what currently exist.
> As there are many ways to define "where needed". I decided to keep things simple. There
are (case insensitive) 324 occurences of "<head>", 112 occurences of "<html" but
only 16 occurences of "<html lang=" and only 12 in FTL templates (others are in jQuery
> Most of the 112 occurences of "<html" belong to email templates. So I will focus on
the not email templates cases among the 12 in FTL templates.

This message was sent by Atlassian JIRA

View raw message