Henning Nöth created TOBAGO-2441:
------------------------------------

             Summary: CSP compliant websockets
                 Key: TOBAGO-2441
                 URL: https://issues.apache.org/jira/browse/TOBAGO-2441
             Project: MyFaces Tobago
          Issue Type: New Feature
          Components: Core
    Affects Versions: 6.8.1
            Reporter: Henning Nöth


If using f:websocket, the CSP "script-src" must allow "unsafe-inline". We 
should implement a tc:websocket which adds a nonce-value to the inline 
JavaScript, so there doesn't need to be a "script-src: 'unsafe-inline'".



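The nonce mechanism this request relies on, as an added example that is not part of the original issue and is not Tobago or MyFaces code. The function names and the `openPushChannel` call are hypothetical, and `inlineScriptAllowed` is a simplified model of CSP Level 2+ inline-script handling (hashes and 'strict-dynamic' are not modelled).

```javascript
// Added illustration; all names here are hypothetical.
const { randomBytes } = require("node:crypto");

// A fresh, unpredictable nonce for every response (128 bits, base64).
function newNonce() {
  return randomBytes(16).toString("base64");
}

// Build the CSP header value and the inline <script> for one response.
// The same nonce appears in both; it must never be reused across responses.
function renderResponse(inlineJs) {
  const nonce = newNonce();
  return {
    nonce,
    csp: `script-src 'self' 'nonce-${nonce}'`,
    html: `<script nonce="${nonce}">${inlineJs}</script>`,
  };
}

// Simplified model: would a browser run an inline script carrying
// `scriptNonce` (null if the element has no nonce attribute) under `csp`?
function inlineScriptAllowed(csp, scriptNonce) {
  const directives = csp.split(";").map((d) => d.trim().split(/\s+/));
  const find = (name) => directives.find((p) => p[0].toLowerCase() === name);
  // script-src falls back to default-src; with neither, nothing is restricted.
  const directive = find("script-src") || find("default-src");
  if (!directive) return true;
  const sources = directive.slice(1);

  // A matching nonce authorizes exactly this script element.
  if (scriptNonce && sources.includes(`'nonce-${scriptNonce}'`)) return true;

  // 'unsafe-inline' is ignored as soon as the list holds a nonce or hash,
  // so it only helps when the policy has neither.
  const hasNonceOrHash = sources.some((s) =>
    /^'(nonce|sha256|sha384|sha512)-/.test(s));
  return sources.includes("'unsafe-inline'") && !hasNonceOrHash;
}

// Constructed sample: one response whose inline script opens a push channel.
const sample = renderResponse("openPushChannel('constructed-channel')");
console.log(sample.csp);
console.log(sample.html);
console.log("nonce script runs:", inlineScriptAllowed(sample.csp, sample.nonce));
console.log("injected script runs:", inlineScriptAllowed(sample.csp, null));
```

Under the nonce policy, an inline script without the matching nonce is rejected, which is the protection that "unsafe-inline" gives up.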