On 14/02/18 11:51, Harrison & Wells wrote:
> Sorry to disturb you.

Not at all.

> I read the Contributing.md
> <https://github.com/apache/tomcat/blob/trunk/CONTRIBUTING.md> on your
> github mirror and even found the beginner issues
> <https://bz.apache.org/bugzilla/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=NEEDINFO&keywords=Beginner&keywords_type=allwords&list_id=160824&product=Tomcat%207&product=Tomcat%208&product=Tomcat%209&query_format=advanced>
> .
> Except there are only three of them, out of which one is already solved,
> one is a case of XML validation (not a bug, technically) and one can be
> solved using a filter.
> <https://bz.apache.org/bugzilla/show_bug.cgi?id=58837>
> So I decided I could go with the filter one but man, CSP is complex and I
> don't think one could just do a general 'default-src' because even that can
> be pretty tight.
> So it is a bit unclear.
> Thanks for reading.
> I'd appreciate any help in getting started.

I agree with you completely regarding the complexity of CSP. I'm not
convinced that a CSP-specific filter is possible.

Igal's suggestion in comment #6 is probably the way to go. A generic
HTTP header filter. I'd look at httpd's mod_headers module for
inspiration for the sort of features a generic HTTP header filter should
provide.

I don't think the first iteration needs to completely cover all of the
mod_headers functionality (adding headers to the response is probably
enough at this point) but having the eventual functionality in mind will
ensure that configuration parameters (likely filter parameters in this
case) are chosen appropriately.

HTH,

Mark
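
The generic response-header filter suggested in the reply above, written as an added example (it is not Tomcat code and not from either participant in the thread). The class name `ResponseHeaderFilter` and the `set.<Header-Name>` / `add.<Header-Name>` init-param naming are assumptions made for illustration; it compiles against the `javax.servlet` API.

```java
import java.io.IOException;
import java.util.Enumeration;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.servlet.*;
import javax.servlet.http.HttpServletResponse;

// Hypothetical filter, not part of Tomcat. Each init-param named
// "set.<Header-Name>" or "add.<Header-Name>" becomes a response header,
// loosely following mod_headers' "Header set" and "Header add".
public class ResponseHeaderFilter implements Filter {
    private final Map<String, String> setHeaders = new LinkedHashMap<>();
    private final Map<String, String> addHeaders = new LinkedHashMap<>();

    @Override
    public void init(FilterConfig config) throws ServletException {
        Enumeration<String> names = config.getInitParameterNames();
        while (names.hasMoreElements()) {
            String param = names.nextElement();
            String value = config.getInitParameter(param);
            int dot = param.indexOf('.');
            String action = dot < 0 ? "" : param.substring(0, dot);
            String header = param.substring(dot + 1);
            // Fail at startup on bad config: the name must be an HTTP token and the
            // value must hold no control characters (CR/LF would split the response).
            if (!header.matches("[!#$%&'*+.^_`|~0-9A-Za-z-]+")
                    || !value.matches("[\\t\\x20-\\x7E]*")) {
                throw new ServletException("Invalid header in init-param: " + param);
            }
            if (action.equals("set")) { setHeaders.put(header, value); }
            else if (action.equals("add")) { addHeaders.put(header, value); }
            else { throw new ServletException("Unknown action in init-param: " + param); }
        }
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (res instanceof HttpServletResponse) {
            HttpServletResponse http = (HttpServletResponse) res;
            // Apply before the chain runs; headers set after commit are ignored.
            setHeaders.forEach(http::setHeader);  // replaces any existing value
            addHeaders.forEach(http::addHeader);  // appends another value
        }
        chain.doFilter(req, res);
    }

    @Override public void destroy() { }
}
```

With this naming, a policy is supplied entirely through configuration, for example an init-param named `set.Content-Security-Policy` with the value `default-src 'self'`, so the filter itself needs no knowledge of CSP.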
