ID: 0047996
Type: feature request
Category: [POS2] Core
Severity: minor
Reproducibility: have not tried
Date Submitted: 2021-11-05 07:33
Last Update: 2022-02-01 08:07
Reporter: alostale
View Status: public
Assigned To: Triage Platform Base
Priority: normal
Resolution: open
Status: acknowledged
Projection: none
ETA: none
OS: Any
Database: Any
Triggers an Emergency Pack: No

Summary
0047996: make core2/pos2 CSP ready

Description
Core2 applications should support Content Security Policy (CSP) headers [1].

---
[1] https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP

Steps To Reproduce
1. Configure app server to include CSP header by either:

a. setting it in Apache
or
b. setting it in Tomcat (i.e. apply attached diff)

2. Run pos2 (in production mode) and ensure everything is working fine
  -> check developers console to ensure no script execution was prevented

Proposed Solution
1. Remove all inline scripts (if any)
2. (?) Decide whether this mode should be used in CI. Note backoffice does not support CSP. Maybe run in report-only mode [1] and ensure no reports are produced.

---
[1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only

Tags: No tags attached.
Attached Files: tomcat-csp.diff (1,050 bytes) 2021-11-05 07:40
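
A static check for step 1 of the proposed solution, as an added example that is not part of the issue or of the project's code: it lists inline scripts, inline event handlers and `javascript:` URLs in an HTML document, all of which a policy without 'unsafe-inline' blocks. The names (`find_csp_blockers`, `InlineScriptFinder`) and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser

JS_TYPES = {"", "module", "text/javascript", "application/javascript"}  # executed by browsers
URL_ATTRS = ("href", "src", "action", "formaction")

class InlineScriptFinder(HTMLParser):
    """Collects markup that a CSP without 'unsafe-inline' refuses to execute."""
    def __init__(self):
        super().__init__()
        self.findings = []        # (line, kind, detail)
        self._open_script = None  # line of an executable <script> with no src

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        attrs = {name: (value or "") for name, value in attrs}
        # Data blocks such as type="application/json" are not executed, so skip them.
        if tag == "script" and "src" not in attrs and attrs.get("type", "").strip().lower() in JS_TYPES:
            self._open_script = line
        for name, value in attrs.items():
            if name.startswith("on") and len(name) > 2:
                self.findings.append((line, "event-handler", name))
            elif name in URL_ATTRS and value.strip().lower().startswith("javascript:"):
                self.findings.append((line, "javascript-url", name))

    def handle_data(self, data):
        # Report each inline script once, even if the parser splits its body.
        if self._open_script is not None and data.strip():
            self.findings.append((self._open_script, "inline-script", data.strip()[:40]))
            self._open_script = None

    def handle_endtag(self, tag):
        if tag == "script":
            self._open_script = None

def find_csp_blockers(html_text):
    finder = InlineScriptFinder()
    finder.feed(html_text)
    finder.close()
    return finder.findings

# Constructed sample page, not taken from the project.
SAMPLE = """<html><head>
<script src="/app/bundle.js"></script>
<script>window.boot = true;</script>
<script type="application/json">{"k": 1}</script>
</head><body onload="start()">
<a href="javascript:void(0)">open</a>
</body></html>
"""
```

A static scan only covers markup shipped in the HTML files; scripts injected at runtime still need the browser console or report-only check described in the issue.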

Relationships
depends on: defect 0047837 (closed, alostale): index.html has inline scripts
depends on: design defect 0047997 (acknowledged, Triage Platform Base): can't print documents if CSP headers are set
Not all the children of this issue are yet resolved or closed.

Notes
There are no notes attached to this issue.

Issue History
Date Modified Username Field Change
2021-11-05 07:33 alostale New Issue
2021-11-05 07:33 alostale Assigned To => platform
2021-11-05 07:33 alostale Triggers an Emergency Pack => No
2021-11-05 07:33 alostale Issue generated from 0047837
2021-11-05 07:33 alostale Relationship added depends on 0047837
2021-11-05 07:40 alostale File Added: tomcat-csp.diff
2021-11-05 07:50 alostale Relationship added depends on 0047997
2021-12-16 10:30 caristu Status new => acknowledged
2022-02-01 08:07 alostale Assigned To platform => Triage Platform Base

