Mailing List webobjects-dev@wocommunity.org Message #435
From: René Bock <bock@salient-doremus.de>
Subject: Enabling HTTP Content-Security-Policy (CSP) in WebObjects/WOnder-Ajax based applications?
Date: Wed, 8 Mar 2023 09:51:24 +0000
To: webobjects-dev@lists.apple.com <webobjects-dev@lists.apple.com>, WebObjects & WOnder Development <webobjects-dev@wocommunity.org>
Hi,

has anybody ever successfully enabled the HTTP Content-Security-Policy in a WOnder application – especially when the Ajax-Framework is heavily used?

From my point of view, there are three main challenges to overcome when implementing the CSP:

* inline script code
* DOM event handlers as HTML attributes
* evals


Especially when using the 'unsafe-inline', 'unsafe-eval' etc. keywords is not an option.



Regards

René


--
Phone: +49 69 650096 18
salient GmbH // Lindleystraße 12 // 60314 Frankfurt
Amtsgericht Frankfurt am Main // salient GmbH HRB 48693
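
The three blockers listed in the message can be located in an application's rendered output before a policy is enforced. The following is an added example, not part of the original post and not WOnder code: a regex-based triage function run over a constructed HTML sample. The function name, the sample markup, and counting `new Function` and string-argument timers under "evals" are assumptions.

```javascript
// Added example: list the constructs in rendered HTML that a strict CSP
// (no 'unsafe-inline', no 'unsafe-eval') would block.
// Regex-based so it runs without a DOM; treat the output as a triage list.
function auditHtmlForCsp(html) {
  const findings = { inlineScripts: [], eventHandlers: [], evalLike: [] };
  const scriptRe = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  const evalRe = /\beval\s*\(|\bnew\s+Function\s*\(|\bset(?:Timeout|Interval)\s*\(\s*["']/g;

  for (const [, attrs, body] of html.matchAll(scriptRe)) {
    const code = body.trim();
    // Inline script: has a body, is not external, and carries no nonce.
    if (code !== '' && !/\bsrc\s*=/i.test(attrs) && !/\bnonce\s*=/i.test(attrs)) {
      findings.inlineScripts.push(code.slice(0, 60));
    }
    // A nonce does not permit eval, so every script body is checked.
    for (const hit of code.matchAll(evalRe)) findings.evalLike.push(hit[0]);
  }

  // Event-handler attributes (onclick=, onchange=, ...) outside script blocks.
  const markup = html.replace(scriptRe, '');
  for (const [tag] of markup.matchAll(/<[a-z][^<>]*>/gi)) {
    for (const [, name] of tag.matchAll(/\s(on[a-z]+)\s*=/gi)) {
      findings.eventHandlers.push(name.toLowerCase());
    }
  }
  return findings;
}

// Constructed sample page, not output captured from a real application.
const sampleHtml = `
<html><head>
<script src="/static/app.js"></script>
<script nonce="r4nd0m">init();</script>
<script>var data = eval('(' + payload + ')');</script>
</head><body>
<a href="#" onclick="update(); return false;">Refresh</a>
<input type="text" onchange='submitForm(this)'>
<script>setTimeout("poll()", 1000);</script>
</body></html>`;

console.log(auditHtmlForCsp(sampleHtml));
```

Serving the same pages with a `Content-Security-Policy-Report-Only` header gives the browser's own list of violations to compare against.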
