struts-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From GitBox <...@apache.org>
Subject [GitHub] [struts] aleksandr-m commented on a change in pull request #430: WW-5084: Add Content Security Policy support to Struts
Date Tue, 18 Aug 2020 21:09:51 GMT

aleksandr-m commented on a change in pull request #430:
URL: https://github.com/apache/struts/pull/430#discussion_r472494636



##########
File path: core/src/main/resources/struts-default.xml
##########
@@ -377,6 +378,10 @@
                 <interceptor-ref name="alias"/>
                 <interceptor-ref name="servletConfig"/>
                 <interceptor-ref name="i18n"/>
+                <interceptor-ref name="cspInterceptor">
+                    <param name="enforcingMode">false</param>
+                    <param name="reportUri">/csp-reports</param>

Review comment:
       What will happen if `reportUri` is set and no action is configured? Maybe we should
remove `reportUri` from default xml?




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



Mime
View raw message