Mailing List webobjects-dev@wocommunity.org Message #435
From: René Bock <bock@salient-doremus.de>
Subject: Enabling HTTP Content-Security-Policy (CSP) in WebObjects/WOnder-Ajax based applications?
Date: Wed, 8 Mar 2023 09:51:24 +0000
To: webobjects-dev@lists.apple.com <webobjects-dev@lists.apple.com>, WebObjects & WOnder Development <webobjects-dev@wocommunity.org>
 Message Header

Undecoded Message
Hi,

has anybody ever successfully enabled the HTTP Content-Security-Policy in a WOnder application – especially when the Ajax-Framework is heavily used?

From my point of view, there are three main challenges to overcome when implementing the CSP:

* inline script code
* DOM event handlers as HTML attributes
* evals


Especially when using the 'unsafe-inline', 'unsafe-eval' etc. keywords are not an option.



Regards

René


--
Phone: +49 69 650096 18
salient GmbH // Lindleystraße 12 // 60314 Frankfurt
Amtsgericht Frankfurt am Main // salient GmbH HRB 48693
Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster