https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20397
--- Comment #4 from David Cook <dc...@prosentient.com.au> --- (In reply to Benjamin Daeuber from comment #2) > We're currently experimenting with this in response headers in Apache, > though part of the struggle is getting a hold on the variety of resources > we're currently loading. Paypal, cover images, analytics scripts, enhanced > content, jquery libraries, etc, etc. To start, we could use this example: "# Don't implement the above policy yet; instead just report violations that would have occurred Content-Security-Policy-Report-Only: default-src https:; report-uri /csp-violation-report-endpoint/" That might help us build up a good list? > Is the thought to do this with meta tags or using response headers? It seems like a response header is preferred? -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug. _______________________________________________ Koha-bugs mailing list Koha-bugs@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
