ofbiz-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jacques Le Roux (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (OFBIZ-10417) Create a Content Security Policy
Date Fri, 01 Jun 2018 18:01:00 GMT

    [ https://issues.apache.org/jira/browse/OFBIZ-10417?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16498350#comment-16498350

Jacques Le Roux commented on OFBIZ-10417:

How could a report only policy prevents the ecommerce to work? Moreover this report only CSP
is in place for 6 months already and nobody else complained
So please be more specific, add details and URLs from the official demos that don't work,
If you have specific problems with your own implementation it can't considered as it's not
an OOTB (Out Of The Box) issue.

> Create a Content Security Policy
> --------------------------------
>                 Key: OFBIZ-10417
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-10417
>             Project: OFBiz
>          Issue Type: Improvement
>          Components: framework
>            Reporter: Jacques Le Roux
>            Priority: Minor
> At OFBIZ-6766 I have added a Content Security Policy
> To not block anything for the moment I have committed an only report policy using the
Content-Security-Policy-Report-Only header.
> The idea is that we can look at the issues using browsers tools.
> The next step is to report the errors (when there will not be too much) in the log using
a report-uri
> And ultimately to use OOTB the most simple and constraining policy, with exceptions of
course (as ever).
> If we encounter performance issues, or other disagrements, we can even  we can comment
out the current Content-Security-Policy-Report-Only 
> Sincerely I think it will be let as is and we will let users decide on their own CSP...
So the report only mode is just a reminder for them...

This message was sent by Atlassian JIRA

View raw message