Project:
| View Revisions: Issue #47837 | [ Back to Issue ] | ||
| Summary | 0047837: index.html has inline scripts | ||
| Revision | 2021-11-05 07:39 by alostale | ||
| Steps To Reproduce | 1. Configure app server to include CSP header by either: a. setting it in Apache or b. setting it in Tomcat (ie. apply attached diff) 2. Run pos2 (in production mode) -> ERROR: it is not rendered |
||
| Revision | 2021-11-05 07:39 by alostale | ||
| Description | Core2 applications' index.html has some inline scripts. This is a discouraged practice. Its execution would be prevented if an strict CSP is put in place [1]. --- [1] https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP [^] |
||
| Revision | 2021-11-05 07:33 by alostale | ||
| Steps To Reproduce | 1. Configure app server to include CSP header by either: a. setting it in Apache or b. setting it in Tomcat (ie. apply attached diff) 2. Run pos2 (in production mode) and ensure everything is working fine -> check developers console to ensure no script execution was prevented |
||
| Revision | 2021-11-05 07:33 by alostale | ||
| Description | Core2 applications should support Content Security Policy (CSP) headers [1]. --- [1] https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP [^] |
||
| Copyright © 2000 - 2009 MantisBT Group |
 |