https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42080
--- Comment #4 from David Cook <[email protected]> ---

Hi Eric,

We're actually already working on bringing Content-Security-Policy into Koha with bug 38365, so it looks like great minds think alike!

That said, I think I'll need to think on this one a bit more. I love Content-Security-Policy, but it won't be turned on out of the box, and it'll be set globally so the same header will be sent for all pages sent by Starman.

(I am curious though about layering Content-Security-Policy headers. Perhaps we can include the one you've provided PLUS the global one. I'm going to look into that shortly.)

Another thing is while Content-Security-Policy is great (seriously I truly love it), it is only one layer of defence. Ideally it would be good to have multiple. So I'm going to think a bit more about what we could do in terms of data validation.

With bug 41591 I really didn't think that it would make that much of a difference to end users, so thanks for this report. It's interesting to know that people really do want to view the file inline. Different strokes for different folks, but Koha tries to be all things to all people, so let's try to figure this one out...
