[
https://issues.apache.org/jira/browse/OFBIZ-6766?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16491951#comment-16491951
]
Jacques Le Roux edited comment on OFBIZ-6766 at 5/27/18 7:32 AM:
-----------------------------------------------------------------
I'm done with this. I created OFBIZ-10417 for create a real Content Security
Policy (CSP). For now we only report. But sincerely I think it will be let as
is and we will let users decide on their own CSP... So the report only mode is
just a reminder for them...
was (Author: jacques.le.roux):
I'm done with this. I created OFBIZ-10417 for create a real Content Security
Policy (CSP). For now we only report. But I think it will be let as is and let
users decide on their own CSP.
> Secure HTTP headers
> -------------------
>
> Key: OFBIZ-6766
> URL: https://issues.apache.org/jira/browse/OFBIZ-6766
> Project: OFBiz
> Issue Type: Sub-task
> Components: framework
> Affects Versions: Trunk
> Reporter: Jacques Le Roux
> Assignee: Jacques Le Roux
> Priority: Major
> Fix For: 17.12.01
>
> Attachments: OFBIZ-6766-UtilHttp.java.patch
>
>
> I have created a wiki page for this
> https://cwiki.apache.org/confluence/display/OFBIZ/How+to+Secure+HTTP+Headers
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
