[jira] [Commented] (TOBAGO-1790) CSP definition must be appendable

Wed, 30 Aug 2017 08:51:36 -0700 

    [ 
https://issues.apache.org/jira/browse/TOBAGO-1790?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16147487#comment-16147487
 ] 

Hudson commented on TOBAGO-1790:
--------------------------------

SUCCESS: Integrated in Jenkins build Tobago Trunk #995 (See 
[https://builds.apache.org/job/Tobago%20Trunk/995/])
TOBAGO-1790: CSP definition must be appendable 
TOBAGO-1791: There should be a "nonce" for each request to protect CSS and 
JavaScript with CSP
TOBAGO-1792: CSP: using CSP Level 2 syntax (lofwyr: 
[http://svn.apache.org/viewvc/?view=rev&rev=1806697])
* (edit) 
tobago-trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/ContentSecurityPolicy.java
* (edit) 
tobago-trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/config/TobagoConfigParser.java
* (edit) 
tobago-trunk/tobago-core/src/main/java/org/apache/myfaces/tobago/internal/util/ResponseUtils.java
* (add) tobago-trunk/tobago-core/src/main/resources/META-INF/tobago-config.xml
* (edit) 
tobago-trunk/tobago-core/src/main/resources/org/apache/myfaces/tobago/config/tobago-config-4.0.xsd
* (edit) 
tobago-trunk/tobago-core/src/test/java/org/apache/myfaces/tobago/internal/config/TobagoConfigMergingUnitTest.java
* (edit) 
tobago-trunk/tobago-core/src/test/java/org/apache/myfaces/tobago/internal/config/TobagoConfigParserUnitTest.java
* (edit) tobago-trunk/tobago-core/src/test/resources/tobago-config-2.0.xml
* (edit) tobago-trunk/tobago-core/src/test/resources/tobago-config-4.0.xml
* (add) tobago-trunk/tobago-core/src/test/resources/tobago-config-merge-3.xml
* (edit) 
tobago-trunk/tobago-core/src/test/resources/tobago-config-untidy-2.0.xml
* (edit) 
tobago-trunk/tobago-example/tobago-example-demo/src/main/webapp/WEB-INF/tobago-config.xml
* (edit) 
tobago-trunk/tobago-example/tobago-example-demo/src/main/webapp/content/20-component/020-output/60-object/object.xhtml
* (edit) 
tobago-trunk/tobago-theme/tobago-theme-standard/src/main/resources/META-INF/tobago-config.xml


> CSP definition must be appendable
> ---------------------------------
>
>                 Key: TOBAGO-1790
>                 URL: https://issues.apache.org/jira/browse/TOBAGO-1790
>             Project: MyFaces Tobago
>          Issue Type: New Feature
>            Reporter: Udo Schnurpfeil
>            Assignee: Udo Schnurpfeil
>
> Currently there is no possibility to define CSP headers twice. It's not 
> supported by the specification. If a key is set twice, the first counts, the 
> second will be ignored.
> So, the values have to be merged.
> To be more convenient, the "directive" tags gets a new attribute "name".
> Example:
> {code}
> <directive name="script-src">'self'</directive>
> <directive name="script-src">'unsafe-eval'</directive>
> {code}
> Result:
> {code}
> script-src 'self 'unsafe-eval'
> {code}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to