Enabling HTTP Content-Security-Policy (CSP) in WebObjects/WOnder-Ajax based applications?

René Bock via Webobjects-dev Wed, 08 Mar 2023 01:51:38 -0800

Hi,

has anybody ever successfully enabled the HTTP Content-Security-Policy in a 
WOnder application – especially when the Ajax-Framework is heavily used?


From my point of view, there are three main challenges to overcome when 
implementing the CSP:

* inline script code
* DOM event handlers as HTML attributes 
* evals 


Especially when using the 'unsafe-inline', 'unsafe-eval' etc. keywords are not 
an option.



Regards

        René


--
Phone: +49 69 650096 18
salient GmbH // Lindleystraße 12 // 60314 Frankfurt
Amtsgericht Frankfurt am Main // salient GmbH HRB 48693

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list      (Webobjects-dev@lists.apple.com)
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/webobjects-dev/archive%40mail-archive.com

This email sent to arch...@mail-archive.com

Enabling HTTP Content-Security-Policy (CSP) in WebObjects/WOnder-Ajax based applications?

Reply via email to