Add Content Security Policy Support #3763
jgrandja commented Mar 17, 2016
- Adds CSP support to the Java DSL of HeadersConfigurer
- Implementation is pretty straightforward but the documentation is important here so please review and provide feedback on whether it's sufficient
this.writer = new ContentSecurityPolicyHeaderWriter(policyDirectives); | ||
} else { | ||
// TODO Allow for over-riding previously set directives? Is this really needed? | ||
this.writer.setPolicyDirectives(policyDirectives); |
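Review bot: The TODO in the else branch leaves the behaviour of a repeated call undecided. As written, `this.writer.setPolicyDirectives(policyDirectives);` on the existing writer overrides the previously set directives, which is exactly what the TODO questions. Resolve it before merge: either keep the override and state in the method's Javadoc that a later call replaces the earlier policy, or drop the branch, and in both cases remove the TODO so the open question does not ship.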
I think this should be removed. Users can always invoke contentSecurityPolicy again.
@pivotal-joe-grandja Thanks for the PR! I would try to add a link to one or more of the more popular CSP guides (http://www.html5rocks.com/en/tutorials/security/content-security-policy/ or https://developer.mozilla.org/en-US/docs/Web/Security/CSP are nice). We should also update the headers section of the reference. Also, we will likely merge all of the CSP stuff at once so feel free to update this PR and squash commits as you get the XML support and documentation updated.
Ok thanks Rob.
This will fix #2342

@pivotal-joe-grandja Thanks for the updates! This is now merged into master via 2f7f2ff