Skip to content

[FEATURE] Add CSP middleware #3

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Jul 6, 2018
Merged

[FEATURE] Add CSP middleware #3

merged 4 commits into from
Jul 6, 2018

Conversation

domianer
Copy link
Contributor

@domianer domianer commented Apr 4, 2018
edited by matz3
Loading

Adds a Content Security Policy (CSP) middleware which can be enabled via URL parameter (sap-ui-xx-csp-policy). One can set the value to a policy string directly, or use one of the already defined policy IDs (sap-target-level-1, sap-target-level-2).

The OpenUI5 QUnit test "sap/ui/core/qunit/csp/ContentSecurityPolicy.qunit.html" can be used for a starting point validating for CSP compliance.

@CLAassistant
Copy link

CLAassistant commented Apr 4, 2018
edited
Loading

CLA assistant check
All committers have signed the CLA.

@domianer domianer requested review from matz3 and RandomByte April 4, 2018 16:01
@domianer domianer self-assigned this Apr 4, 2018
@matz3
Copy link
Member

matz3 commented Apr 6, 2018

@domianer the ESLint checks are failing. Could you please check? Just run npm test in your project to see the errors.

@codeworrior
Copy link
Member

codeworrior commented Jul 4, 2018
edited
Loading

Policies should be updated to sap-target-level-1 and sap-target-level-2.

@codeworrior
Copy link
Member

ESLint issues have been fixed, tests have been added and the policies have been updated :-)

matz3
matz3 approved these changes Jul 6, 2018
View reviewed changes
Copy link
Member

@matz3 matz3 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@matz3 matz3 merged commit f9ec3ee into master Jul 6, 2018
@matz3 matz3 deleted the add-csp-middleware branch July 6, 2018 14:26
d3xter666 pushed a commit to UI5/cli that referenced this pull request Sep 25, 2025
@domianer @matz3
[server][FEATURE] Add CSP middleware (SAP/ui5-server#3)
ab3e8b7 
Adds a Content Security Policy (CSP) middleware which can be enabled via URL parameter (sap-ui-xx-csp-policy). One can set the value to a policy string directly, or use one of the already defined policy IDs (sap-target-level-1, sap-target-level-2).

The OpenUI5 QUnit test "[sap/ui/core/qunit/csp/ContentSecurityPolicy.qunit.html](https://github.com/SAP/openui5/blob/master/src/sap.ui.core/test/sap/ui/core/qunit/csp/ContentSecurityPolicy.qunit.html)" can be used for a starting point validating for CSP compliance.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@matz3 matz3 matz3 approved these changes

@RandomByte RandomByte Awaiting requested review from RandomByte

Assignees

@domianer domianer

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@domianer @CLAassistant @matz3 @codeworrior