ofbiz-notifications mailing list archives

From "Jacques Le Roux (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (OFBIZ-6766) Secure HTTP headers
Date Fri, 20 Oct 2017 08:23:02 GMT

    [ https://issues.apache.org/jira/browse/OFBIZ-6766?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16212344#comment-16212344 ]

Jacques Le Roux commented on OFBIZ-6766:
----------------------------------------

At r1812720 I have added a Content Security Policy.

To not block anything for the moment I have committed a simple, most restrictive Content-Security-Policy-Report-Only header.

Then we can look at the issues using browser tools (there are so many).
The next step is to report the errors (when there are not too many) in the log using a report-uri.
And ultimately to use OOTB the most simple and constraining policy, with exceptions of course (as ever).
If we encounter performance issues we can comment out the current Content-Security-Policy-Report-Only.




> Secure HTTP headers
> -------------------
>
>                 Key: OFBIZ-6766
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-6766
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: framework
>    Affects Versions: Trunk
>            Reporter: Jacques Le Roux
>            Assignee: Jacques Le Roux
>             Fix For: Upcoming Release
>
>
> I have created a wiki page for this https://cwiki.apache.org/confluence/display/OFBIZ/How+to+Secure+HTTP+Headers



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
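
The report-uri step described in the comment above, as an added example that is not part of the original message or of OFBiz: a Python sketch that aggregates the JSON bodies browsers POST for a Report-Only policy, so the list of candidate exceptions can be reviewed before the policy is enforced. The sample reports, the host names and the function names are constructed for illustration.

```python
import json
from collections import Counter
from urllib.parse import urlsplit

def body(key, directive, blocked):
    """Build one constructed report body as a browser would POST it."""
    return json.dumps({"csp-report": {
        "document-uri": "https://ofbiz.example/catalog/control/main",
        key: directive, "blocked-uri": blocked}})

# Constructed sample input; hosts are placeholders, not OFBiz data.
SAMPLE_REPORTS = [
    body("effective-directive", "script-src", "https://cdn.example/a.js"),
    body("effective-directive", "script-src", "https://cdn.example/b.js"),
    body("violated-directive", "script-src 'self'", "inline"),  # older format
    body("effective-directive", "img-src", "data"),
    "not json",  # the endpoint is unauthenticated, so junk will arrive
]

def source_for(blocked_uri):
    """Reduce a blocked-uri to the CSP source expression that matches it."""
    if blocked_uri in ("inline", "eval"):
        return f"'unsafe-{blocked_uri}'"
    parts = urlsplit(blocked_uri)
    if parts.scheme and parts.netloc:
        return f"{parts.scheme}://{parts.netloc}"
    return f"{parts.scheme or blocked_uri}:"  # bare scheme such as "data"

def summarize(bodies):
    """Count violations per (directive, source); tally unparseable bodies."""
    counts, rejected = Counter(), 0
    for raw in bodies:
        try:
            report = json.loads(raw)["csp-report"]
            directive = (report.get("effective-directive")
                         or report["violated-directive"]).split()[0]
            counts[(directive, source_for(report["blocked-uri"]))] += 1
        except (ValueError, KeyError, TypeError, IndexError, AttributeError):
            rejected += 1
    return counts, rejected

def review_list(counts):
    """Split findings into origins that may merit an exception and
    inline/eval code, which is better refactored than allowed."""
    allow, refactor = {}, {}
    for (directive, source), n in sorted(counts.items()):
        bucket = refactor if source.startswith("'unsafe-") else allow
        bucket.setdefault(directive, []).append((source, n))
    return allow, refactor

if __name__ == "__main__":
    print(review_list(summarize(SAMPLE_REPORTS)[0]))
```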
