View Issue Details
ID | 0047996
Type | Category | Severity | Reproducibility | Date Submitted | Last Update
feature request | [POS2] Core | minor | have not tried | 2021-11-05 07:33 | 2022-02-01 08:07
Reporter | alostale | View Status | public
Assigned To | Triage Platform Base
Priority | normal | Resolution | open | Fixed in Version |
Status | acknowledged | Fix in branch | | Fixed in SCM revision |
Projection | none | ETA | none | Target Version |
OS | Any | Database | Any | Java version |
OS Version | | Database version | | Ant version |
Product Version | | SCM revision |
Review Assigned To |
Regression level |
Regression date |
Regression introduced in release |
Regression introduced by commit |
Triggers an Emergency Pack | No
Summary | 0047996: make core2/pos2 CSP ready
Description |
Core2 applications should support Content Security Policy (CSP) headers [1].
---
[1] https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP

Steps To Reproduce |
1. Configure app server to include CSP header by either:
   a. setting it in Apache or
   b. setting it in Tomcat (i.e. apply attached diff)
2. Run pos2 (in production mode) and ensure everything is working fine -> check developer's console to ensure no script execution was prevented

Proposed Solution |
1. Remove all inline scripts (if any)
2(?) Decide whether this mode should be used in CI. Note backoffice does not support CSP. Maybe running in report-only mode [1] and ensure no reports are produced.
---
[1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only

Tags | No tags attached.
Attached Files | tomcat-csp.diff (1,050 bytes) 2021-11-05 07:40
Issue History
Date Modified | Username | Field | Change |
2021-11-05 07:33 | alostale | New Issue | |
2021-11-05 07:33 | alostale | Assigned To | => platform |
2021-11-05 07:33 | alostale | Triggers an Emergency Pack | => No |
2021-11-05 07:33 | alostale | Issue generated from | 0047837 |
2021-11-05 07:33 | alostale | Relationship added | depends on 0047837 |
2021-11-05 07:40 | alostale | File Added: tomcat-csp.diff | |
2021-11-05 07:50 | alostale | Relationship added | depends on 0047997 |
2021-12-16 10:30 | caristu | Status | new => acknowledged |
2022-02-01 08:07 | alostale | Assigned To | platform => Triage Platform Base |