• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Enabling HTTP Content-Security-Policy (CSP) in WebObjects/WOnder-Ajax based applications?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Enabling HTTP Content-Security-Policy (CSP) in WebObjects/WOnder-Ajax based applications?

  • Subject: Enabling HTTP Content-Security-Policy (CSP) in WebObjects/WOnder-Ajax based applications?
  • From: René Bock via Webobjects-dev <email@hidden>
  • Date: Wed, 8 Mar 2023 09:51:24 +0000
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=salient-doremus.de; dmarc=pass action=none header.from=salient-doremus.de; dkim=pass header.d=salient-doremus.de; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=JDlqXQtyqjh3bqjaaMH/ojJSAl06bIu3gREtGDyu3hc=; b=cHqrozgFh/huEmeDfmn5IyRELUNKquIfEQNMy5lpUd1Aiej03c17tPoE0+wUyDfrKv11faKvOHTE4sxUY+BavL7iKM3NV+0C+2dU282DgYVxnnzQez2X7nGxt2NYUdn9VnuNjIR7cIO58ADGIHNs5ftfpf1CG/ULFUVVEpoPKrN9VPwOO1mfFKlOL/qYj5I+T+DhF1lrgIfYERrZ6799A3MVt2CU1QsphbO+n3Lnu8QTRS+ccP9Zb0nRzXqjyGYIA8apvp+NmRrzG6Lt7apKLu0shhisU9Cbez8BLLRZ+WmCK17ZmmEjVGcymSLfPrQHBp5/sYZPksaWrABHeyYLHA==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=CLIMoGeWlsadjbxNuTypiBUsymsGofXtLBFA4idpC/VoJMyNCV43J8ye+3SY2Y3RgS42HDDxJj7kUjYI/OHvNTIPWRl/M7HiLgitHOfGxO6FlfodWV+jdSiphtg2ZRFsiF33Hszukkj+5XixTzViKnCSEj0NY/VBLPrihe/JS9Qmrk0mDNNjCNm3mhiuAEzn6mGu7Jic16qHD9O/4JdECP8um7/Cnbr5jxp9JFAtpR7A4jH4RULBHhwrmbPQIxCPrTJaiHJqkP6XZ2UyJEqzOuAKGTiYMDER1/d8I2uXEzv5lJJlVn+N1/vBcTd6oMBatxj2tq3vWm76Rx/vnVyDjg==
  • Thread-topic: Enabling HTTP Content-Security-Policy (CSP) in WebObjects/WOnder-Ajax based applications?
Hi,

has anybody ever successfully enabled the HTTP Content-Security-Policy in a
WOnder application – especially when the Ajax-Framework is heavily used?

From my point of view, there are three main challenges to overcome when
implementing the CSP:

* inline script code
* DOM event handlers as HTML attributes
* evals


Especially when using the 'unsafe-inline', 'unsafe-eval' etc. keywords are not
an option.



Regards

        René


--
Phone: +49 69 650096 18
salient GmbH // Lindleystraße 12 // 60314 Frankfurt
Amtsgericht Frankfurt am Main // salient GmbH HRB 48693

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
  • Prev by Date: Re: Asking questions
  • Next by Date: Re: Replacing log4j with slf4j in Wonder
  • Previous by thread: Re: Asking questions
  • Next by thread: Re: Replacing log4j with slf4j in Wonder
  • Index(es):
    • Date
    • Thread