myfaces-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lof...@apache.org
Subject svn commit: r1750679 - /myfaces/tobago/trunk/tobago-example/tobago-example-demo/src/main/webapp/WEB-INF/tobago-config.xml
Date Wed, 29 Jun 2016 17:16:45 GMT
Author: lofwyr
Date: Wed Jun 29 17:16:45 2016
New Revision: 1750679

URL: http://svn.apache.org/viewvc?rev=1750679&view=rev
Log:
TOBAGO-1534

Modified:
    myfaces/tobago/trunk/tobago-example/tobago-example-demo/src/main/webapp/WEB-INF/tobago-config.xml

Modified: myfaces/tobago/trunk/tobago-example/tobago-example-demo/src/main/webapp/WEB-INF/tobago-config.xml
URL: http://svn.apache.org/viewvc/myfaces/tobago/trunk/tobago-example/tobago-example-demo/src/main/webapp/WEB-INF/tobago-config.xml?rev=1750679&r1=1750678&r2=1750679&view=diff
==============================================================================
--- myfaces/tobago/trunk/tobago-example/tobago-example-demo/src/main/webapp/WEB-INF/tobago-config.xml
(original)
+++ myfaces/tobago/trunk/tobago-example/tobago-example-demo/src/main/webapp/WEB-INF/tobago-config.xml
Wed Jun 29 17:16:45 2016
@@ -44,8 +44,9 @@
   <!-- This is needed for the testing functionality of the demo, it works with iframes
-->
   <prevent-frame-attacks>false</prevent-frame-attacks>
 
-  <!-- XXX With CSP Tobago 3.0.x is currently not working 100% see TOBAGO-1534 -->
-  <content-security-policy mode="report-only">
+  <content-security-policy mode="on">
+    <!-- XXX With CSP Tobago 3.0.x is currently not working 100% see TOBAGO-1534, because
of JSF-AJAX -->
+    <directive>script-src 'self' 'unsafe-eval'</directive>
     <directive>frame-src https://maps.google.com</directive>
   </content-security-policy>
 



Mime
View raw message