Author: jleroux
Date: Mon Jan 4 17:42:38 2016
New Revision: 1722927

URL: http://svn.apache.org/viewvc?rev=1722927&view=rev
Log:
Updates dtds

Modified: ofbiz/site/dtds/entity-eca.xsd ofbiz/site/dtds/site-conf.xsd Modified: ofbiz/site/dtds/entity-eca.xsd URL: http://svn.apache.org/viewvc/ofbiz/site/dtds/entity-eca.xsd?rev=1722927&r1=1722926&r2=1722927&view=diff ============================================================================== --- ofbiz/site/dtds/entity-eca.xsd (original) +++ ofbiz/site/dtds/entity-eca.xsd Mon Jan 4 17:42:38 2016 @@ -246,12 +246,3 @@ under the License. </xs:attribute> </xs:attributeGroup> </xs:schema> -<!-- - <entity-eca> - <eca entity="Product" operation="create" event="return"> - <condition field-name="foo" operator="equals" rhs="1"/> - <action service="testScv" mode="sync"/> - <action service="testScv2" mode="sync"/> - </eca> - </entity-eca> ---> Modified: ofbiz/site/dtds/site-conf.xsd URL: http://svn.apache.org/viewvc/ofbiz/site/dtds/site-conf.xsd?rev=1722927&r1=1722926&r2=1722927&view=diff ============================================================================== --- ofbiz/site/dtds/site-conf.xsd (original) +++ ofbiz/site/dtds/site-conf.xsd Mon Jan 4 17:42:38 2016 
@@ -774,5 +774,38 @@ under the License. </xs:restriction> </xs:simpleType> </xs:attribute> + <xs:attribute name="x-frame-option" default="sameorigin"> + <xs:annotation> + <xs:documentation> + Provides clickjacking protection by instructing browsers that this page should not be placed within a frame. + Possible values are: + deny - no rendering within a frame, + sameorigin - no rendering if origin mismatch, and + allow-from: - allow rendering if framing page is within the specified URI domain. + Allow from is supported by IE and Firefox, but not Chrome or Safari. + It will also interfere with In Page Google Analytics since it requires your page to be framed by Google. + </xs:documentation> + </xs:annotation> + <xs:simpleType> + <xs:restriction base="xs:token"> + <xs:enumeration value="deny"/> + <xs:enumeration value="sameorigin"/> + <xs:enumeration value="allow-from"/> + </xs:restriction> + </xs:simpleType> + </xs:attribute> + <xs:attribute type="xs:string" name="strict-transport-security"> + <xs:annotation> + <xs:documentation> + HTTP Strict-Transport-Security (HSTS) enforces secure (HTTP over SSL/TLS) connections to the server. + This reduces impact of bugs in web applications leaking session data through cookies and external links and defends against Man-in-the-middle attacks. + HSTS also disables the ability for users to ignore SSL negotiation warnings. + If the security of the connection cannot be ensured (e.g. the server's TLS certificate is not trusted), + it shows an error message and do not allow the user to access the web application. + As recommended by OWASP, by default "max-age=31536000; includeSubDomains" is used except if the server is localhost or 127.0.0.1. + If the strict-transport-security is "none" then it will not be used. + </xs:documentation> + </xs:annotation> + </xs:attribute> </xs:attributeGroup> </xs:schema>
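
Review bot: In the site-conf.xsd hunk, the x-frame-option restriction enumerates only the bare token allow-from, while its documentation describes "allow-from:" as allowing rendering when the framing page is within a specified URI domain, so a value that passes schema validation has nowhere to carry that URI. Either drop allow-from from the enumeration or add a companion attribute for the allowed origin and document how the two combine. The documentation also says allow-from is not supported by Chrome or Safari, so it should state what a deployer who selects it can expect in those browsers. The attribute is named x-frame-option (singular) although the header it controls is X-Frame-Options, which is worth aligning before configurations start depending on the name. For strict-transport-security, the default "max-age=31536000; includeSubDomains" and the special value "none" exist only in the documentation text: the attribute is declared as a free xs:string with no default, so the schema neither exposes the effective default to tooling nor rejects a malformed value. Please also fix "it shows an error message and do not allow the user" to "does not allow" in the same documentation block.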