I set these headers (and HSTS header) with a simple servlet filter. Regards, Eric
On Fri, Jan 10, 2020, 9:26 AM Jason E Bailey <[email protected]> wrote: > If you're not familiar with them > > https://tools.ietf.org/html/rfc7231 > https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP > > I'm wondering if anyone has used the CSP to secure javascript and styles > successfully in Sling and what techniques did they use to get there. > > I'm about to raise an issue with our vendor because of lack of support, > but I like to try to avoid tickets if necessary. > > - Jason >
