myfaces-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lof...@apache.org
Subject svn commit: r1750680 - /myfaces/tobago/trunk/tobago-example/tobago-example-demo/src/main/webapp/WEB-INF/tobago-config.xml
Date Wed, 29 Jun 2016 17:25:15 GMT
Author: lofwyr
Date: Wed Jun 29 17:25:15 2016
New Revision: 1750680

URL: http://svn.apache.org/viewvc?rev=1750680&view=rev
Log:
tests not run with CSP

Modified:
    myfaces/tobago/trunk/tobago-example/tobago-example-demo/src/main/webapp/WEB-INF/tobago-config.xml

Modified: myfaces/tobago/trunk/tobago-example/tobago-example-demo/src/main/webapp/WEB-INF/tobago-config.xml
URL: http://svn.apache.org/viewvc/myfaces/tobago/trunk/tobago-example/tobago-example-demo/src/main/webapp/WEB-INF/tobago-config.xml?rev=1750680&r1=1750679&r2=1750680&view=diff
==============================================================================
--- myfaces/tobago/trunk/tobago-example/tobago-example-demo/src/main/webapp/WEB-INF/tobago-config.xml
(original)
+++ myfaces/tobago/trunk/tobago-example/tobago-example-demo/src/main/webapp/WEB-INF/tobago-config.xml
Wed Jun 29 17:25:15 2016
@@ -44,8 +44,10 @@
   <!-- This is needed for the testing functionality of the demo, it works with iframes
-->
   <prevent-frame-attacks>false</prevent-frame-attacks>
 
-  <content-security-policy mode="on">
-    <!-- XXX With CSP Tobago 3.0.x is currently not working 100% see TOBAGO-1534, because
of JSF-AJAX -->
+  <!-- XXX for the jQuery tests we need 'report-only' here -->
+  <content-security-policy mode="report-only">
+    <!-- XXX With CSP Tobago 3.0.x is currently not working 100% see TOBAGO-1534,
+         XXX because of JSF-AJAX we need 'unsafe-eval' -->
     <directive>script-src 'self' 'unsafe-eval'</directive>
     <directive>frame-src https://maps.google.com</directive>
   </content-security-policy>



Mime
View raw message