Sorry to disturb you.
I read the Contributing.md <https://github.com/apache/tomcat/blob/trunk/CONTRIBUTING.md> on your github mirror and even found the beginner issues <https://bz.apache.org/bugzilla/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=NEEDINFO&keywords=Beginner&keywords_type=allwords&list_id=160824&product=Tomcat%207&product=Tomcat%208&product=Tomcat%209&query_format=advanced> . Except there are only three of them, out of which one is already solved, one is a case of XML validation (not a bug, technically) and one can be solved using a filter. <https://bz.apache.org/bugzilla/show_bug.cgi?id=58837> So I decided I could go with the filter one but man, CSP is complex and I don't think one could just do a general 'default-src' because even that can be pretty tight. So it is a bit unclear. Thanks for reading. I'd appreciate any help in getting started.
