Uploaded image for project: 'Grouper'
  1. Grouper
  2. GRP-2616

Add optional Content-Security-Policy header to UI

    XMLWordPrintable

Details

    • Improvement
    • Status: Resolved
    • Minor
    • Resolution: Unresolved
    • 2.5.0
    • 2.5.28
    • UI
    • None

    Description

      The Content-Security-Policy header tells the browser which external sites a page is allowed to access for css, javascript, images, etc. It can get flagged by security scans as missing. Tomcat by default sets some reasonable security headers, but the CSP isn't one of them, or even supported at all at the server level. Everyone needing this in Tomcat is expected to write their own servlet filter to add it.

       

      Attachments

        Activity

          People

            chad.redman@at.internet2.edu Chad Redman (unc.edu)
            chad.redman@at.internet2.edu Chad Redman (unc.edu)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:

              Smart Checklist