- **status**: in-progress --> review
--- ** [tickets:#8470] Add CSP Headers** **Status:** review **Milestone:** unreleased **Created:** Tue Sep 27, 2022 03:13 PM UTC by Guillermo Cruz **Last Updated:** Tue Sep 27, 2022 03:13 PM UTC **Owner:** Guillermo Cruz There's a couple of Content Security Policy headers we can add as an extra layer of security. Some of these header are `obj-src`, `upgrade-insecure-request`, `frame-ancestors` and `form-action`. `frame-ancestors` and `form-action` can be configurable --- Sent from forge-allura.apache.org because dev@allura.apache.org is subscribed to https://forge-allura.apache.org/p/allura/tickets/ To unsubscribe from further messages, a project admin can change settings at https://forge-allura.apache.org/p/allura/admin/tickets/options. Or, if this is a mailing list, you can unsubscribe from the mailing list.
