Hi,
has anybody ever successfully enabled the HTTP Content-Security-Policy in a
WOnder application – especially when the Ajax-Framework is heavily used?
From my point of view, there are three main challenges to overcome when
implementing the CSP:
* inline script code
* DOM event handlers as HTML attributes
* evals
Especially when using the 'unsafe-inline', 'unsafe-eval' etc. keywords are not
an option.
Regards
René
--
Phone: +49 69 650096 18
salient GmbH // Lindleystraße 12 // 60314 Frankfurt
Amtsgericht Frankfurt am Main // salient GmbH HRB 48693
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list ([email protected])
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/webobjects-dev/archive%40mail-archive.com
This email sent to [email protected]
