CkNoSFeRaTU commented on pull request #93: URL: https://github.com/apache/openmeetings/pull/93#issuecomment-630960542
CSP headers are generally used for preventing XSS attacks but I don't see any functionality in OM which can be utilized by user to embed any malicious scripts. So I think it's not really a big deal if you disable them. And It can be handy if for some reason you have clients with browsers with broken CSP implementations or some popular browser in the future update break something and you need a temporary workaround until it sorted out. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
