Hi,
I need to implement an Content Security Policy (CSP) for the guacamole web
application. This is done via http headers added to the response from the
tomcat server running guacamole. So here are the questions I would ask myself:
1. How do I add HTTP headers to a tomcat server or guacamole configuration? If
I cannot do it easily, how do I add them to an nginx config for a proxied
application?2. What is the format of the CSP header?3. What is a good CSP
policy to implement to cover what we need?
I was just wondering how if anyone has done this before. Any help would be much
appreciated. I am using Guacamole inside docker containers.
Thanks
