ID: 0047837
Type: feature request
Category: [POS2] Core
Severity: minor
Reproducibility: have not tried
Date Submitted: 2021-10-13 09:10
Last Update: 2021-10-18 11:28
Reporter: alostale
View Status: public
Assigned To: alostale
Priority: normal
Resolution: open
Status: scheduled
Projection: none
ETA: none
OS: Any
Database: Any
Triggers an Emergency Pack: No

Summary:
0047837: make core2/pos2 CSP ready

Description:
Core2 applications should support Content Security Policy (CSP) headers [1].

---
[1] https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP

Steps To Reproduce:
1. Configure app server to include CSP header by either:

a. setting it in Apache
or
b. setting it in Tomcat (i.e. apply attached diff)

2. Run pos2 (in production mode) and ensure everything is working fine
  -> check developer console to ensure no script execution was prevented

Proposed Solution:
1. Remove all inline scripts (if any)
2(?) Decide whether this mode should be used in CI. Note backoffice does not support CSP. Maybe run in report-only mode [1] and ensure no reports are produced.

---
[1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only

Tags: No tags attached.
Attached Files: tomcat-csp.diff (1,050 bytes) 2021-10-13 09:11
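
The report-only check from step 2 of the proposed solution could be automated in CI along these lines. This is an added example, not part of the issue or of the Openbravo code base; it assumes CI captures the bodies browsers POST to a report endpoint, and the function names, host and sample bodies are hypothetical.

```javascript
// Added example (not from the issue): CI gate over CSP violation reports
// captured while the app ran under Content-Security-Policy-Report-Only.

// Normalise one POSTed report body. Browsers send either the legacy
// application/csp-report shape ({"csp-report": {...}}) or the Reporting API
// shape (an array of {type: "csp-violation", body: {...}}).
// Returns null when the body is not JSON.
function parseCspReports(rawBody) {
  let data;
  try { data = JSON.parse(rawBody); } catch (e) { return null; }
  const out = [];
  for (const item of Array.isArray(data) ? data : [data]) {
    if (item && item['csp-report']) {
      const r = item['csp-report'];
      out.push({ document: r['document-uri'] || '', blocked: r['blocked-uri'] || '',
        directive: r['effective-directive'] || r['violated-directive'] || '' });
    } else if (item && item.type === 'csp-violation' && item.body) {
      const b = item.body;
      out.push({ document: b.documentURL || '', blocked: b.blockedURL || '',
        directive: b.effectiveDirective || '' });
    }
  }
  return out;
}

// Group violations so the CI log lists each distinct problem once.
// The gate passes only when nothing was reported and nothing was unreadable.
function summarizeViolations(rawBodies) {
  const counts = new Map();
  let malformed = 0;
  for (const raw of rawBodies) {
    const parsed = parseCspReports(raw);
    if (parsed === null) { malformed += 1; continue; }
    for (const v of parsed) {
      const key = `${v.directive} blocked ${v.blocked} on ${v.document}`;
      counts.set(key, (counts.get(key) || 0) + 1);
    }
  }
  return { ok: counts.size === 0 && malformed === 0, malformed, findings: [...counts] };
}

// Constructed sample bodies (hypothetical host), one per wire format.
const SAMPLE_BODIES = [
  '{"csp-report":{"document-uri":"https://pos.example.test/","effective-directive":"script-src-elem","blocked-uri":"inline"}}',
  '[{"type":"csp-violation","body":{"documentURL":"https://pos.example.test/","effectiveDirective":"script-src-elem","blockedURL":"inline"}}]',
];
```

In CI, fail the job when `ok` is false and print `findings`, each entry being a distinct violation with its count.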

Relationships
related to defect 0046950 (closed, alostale), Openbravo ERP: prevent image inline scripts

Notes
(0132365)
hgbot (developer)
2021-10-15 13:21

Merge Request created: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2/-/merge_requests/650

Issue History
Date Modified Username Field Change
2021-10-13 09:10 alostale New Issue
2021-10-13 09:10 alostale Assigned To => Retail
2021-10-13 09:10 alostale Triggers an Emergency Pack => No
2021-10-13 09:11 alostale File Added: tomcat-csp.diff
2021-10-13 09:12 alostale Relationship added related to 0046950
2021-10-13 09:17 alostale Proposed Solution updated
2021-10-15 13:21 hgbot Note Added: 0132365
2021-10-18 11:28 guilleaer Status new => scheduled
2021-10-18 11:28 guilleaer Assigned To Retail => alostale

