[ https://issues.apache.org/jira/browse/TOBAGO-1790?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16147487#comment-16147487 ]
Hudson commented on TOBAGO-1790: -------------------------------- SUCCESS: Integrated in Jenkins build Tobago Trunk #995 (See [https://builds.apache.org/job/Tobago%20Trunk/995/]) TOBAGO-1790: CSP definition must be appendable TOBAGO-1791: There should be a "nonce" for each request to protect CSS and JavaScript with CSP TOBAGO-1792: CSP: using CSP Level 2 syntax (lofwyr: [http://svn.apache.org/viewvc/?view=rev&rev=1806697]) * (edit) tobago-trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/ContentSecurityPolicy.java * (edit) tobago-trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigParser.java * (edit) tobago-trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/util/ResponseUtils.java * (add) tobago-trunk/tobago-core/src/main/resources/META-INF/tobago-config.xml * (edit) tobago-trunk/tobago-core/src/main/resources/org/apache/myfaces/tobago/config/tobago-config-4.0.xsd * (edit) tobago-trunk/tobago-core/src/test/java/org/apache/myfaces/tobago/internal/config/TobagoConfigMergingUnitTest.java * (edit) tobago-trunk/tobago-core/src/test/java/org/apache/myfaces/tobago/internal/config/TobagoConfigParserUnitTest.java * (edit) tobago-trunk/tobago-core/src/test/resources/tobago-config-2.0.xml * (edit) tobago-trunk/tobago-core/src/test/resources/tobago-config-4.0.xml * (add) tobago-trunk/tobago-core/src/test/resources/tobago-config-merge-3.xml * (edit) tobago-trunk/tobago-core/src/test/resources/tobago-config-untidy-2.0.xml * (edit) tobago-trunk/tobago-example/tobago-example-demo/src/main/webapp/WEB-INF/tobago-config.xml * (edit) tobago-trunk/tobago-example/tobago-example-demo/src/main/webapp/content/20-component/020-output/60-object/object.xhtml * (edit) tobago-trunk/tobago-theme/tobago-theme-standard/src/main/resources/META-INF/tobago-config.xml > CSP definition must be appendable > --------------------------------- > > Key: TOBAGO-1790 > URL: https://issues.apache.org/jira/browse/TOBAGO-1790 > Project: MyFaces Tobago > Issue Type: New Feature > Reporter: Udo Schnurpfeil > Assignee: Udo Schnurpfeil > > Currently there is no possibility to define CSP headers twice. It's not > supported by the specification. If a key is set twice, the first counts, the > second will be ignored. > So, the values have to be merged. > To be more convenient, the "directive" tags gets a new attribute "name". > Example: > {code} > <directive name="script-src">'self'</directive> > <directive name="script-src">'unsafe-eval'</directive> > {code} > Result: > {code} > script-src 'self 'unsafe-eval' > {code} -- This message was sent by Atlassian JIRA (v6.4.14#64029)