---
** [tickets:#8470] Add CSP Headers**
**Status:** in-progress
**Milestone:** unreleased
**Created:** Tue Sep 27, 2022 03:13 PM UTC by Guillermo Cruz
**Last Updated:** Tue Sep 27, 2022 03:13 PM UTC
**Owner:** Guillermo Cruz
There's a couple of Content Security Policy headers we can add as an extra
layer of security. Some of these header are `obj-src`,
`upgrade-insecure-request`, `frame-ancestors` and `form-action`.
`frame-ancestors` and `form-action` can be configurable
---
Sent from forge-allura.apache.org because dev@allura.apache.org is subscribed
to https://forge-allura.apache.org/p/allura/tickets/
To unsubscribe from further messages, a project admin can change settings at
https://forge-allura.apache.org/p/allura/admin/tickets/options. Or, if this is
a mailing list, you can unsubscribe from the mailing list.
