Mailing List Message #435
From: René Bock <>
Subject: Enabling HTTP Content-Security-Policy (CSP) in WebObjects/WOnder-Ajax based applications?
Date: Wed, 8 Mar 2023 09:51:24 +0000
To: <>, WebObjects & WOnder Development <>

has anybody ever successfully enabled the HTTP Content-Security-Policy in a WOnder application – especially when the Ajax-Framework is heavily used?

From my point of view, there are three main challenges to overcome when implementing the CSP:

* inline script code
* DOM event handlers as HTML attributes
* evals

Especially when using the 'unsafe-inline', 'unsafe-eval' etc. keywords are not an option.



Phone: +49 69 650096 18
salient GmbH // Lindleystraße 12 // 60314 Frankfurt
Amtsgericht Frankfurt am Main // salient GmbH HRB 48693

Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster