Re: Enabling HTTP Content-Security-Policy (CSP) in WebObjects/WOnder-Ajax based applications?
Re: Enabling HTTP Content-Security-Policy (CSP) in WebObjects/WOnder-Ajax based applications?
- Subject: Re: Enabling HTTP Content-Security-Policy (CSP) in WebObjects/WOnder-Ajax based applications?
- From: "Markus Stoll, junidas GmbH via Webobjects-dev" <email@hidden>
- Date: Wed, 2 Oct 2024 11:15:25 +0200
Hi René
did you find a solution for this issue?
I guess this will be a major issue for everyone integrating a payment provider….
Regards, Markus
> Am 08.03.2023 um 10:51 schrieb René Bock via Webobjects-dev
> <email@hidden>:
>
> Hi,
>
> has anybody ever successfully enabled the HTTP Content-Security-Policy in a
> WOnder application – especially when the Ajax-Framework is heavily used?
>
> From my point of view, there are three main challenges to overcome when
> implementing the CSP:
>
> * inline script code
> * DOM event handlers as HTML attributes
> * evals
>
>
> Especially when using the 'unsafe-inline', 'unsafe-eval' etc. keywords are
> not an option.
>
>
>
> Regards
>
> René
>
>
> --
> Phone: +49 69 650096 18
> salient GmbH // Lindleystraße 12 // 60314 Frankfurt
> Amtsgericht Frankfurt am Main // salient GmbH HRB 48693
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Webobjects-dev mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden