All,

While replying to James's recent message about this filter's anti
click-jacking features[1], I was surprised to see that this filter
does not have any support for the Content-Security-Policy header.

Adding such support would be fairly simple: simply add a
"contentSecurityPolicy" attribute which gets dumped-out to every
response as a Content-Security-Policy header.

Any votes for/against?

-chris

[1] https://lists.apache.org/thread.html/rb9f6829febf9b56aef2888ea2b5a98ee13b14326c42225fc04ec13e5%40%3Cusers.tomcat.apache.org%3E

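A sketch of the proposal above as a stand-alone servlet filter. This is an added example, not code from the message or from Tomcat. The class name CspHeaderFilter, the use of the jakarta.servlet API and the sample policy in the comment are assumptions; only the "contentSecurityPolicy" attribute name comes from the message.

```java
import java.io.IOException;
import jakarta.servlet.Filter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.FilterConfig;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletResponse;

// Hypothetical filter illustrating the proposal; not Tomcat's own implementation.
// Configure with an init-param named contentSecurityPolicy, for example the
// constructed value: default-src 'self'; frame-ancestors 'self'
public class CspHeaderFilter implements Filter {
    private static final String HEADER = "Content-Security-Policy";
    private String policy; // null: attribute not configured, no header is sent

    @Override
    public void init(FilterConfig cfg) throws ServletException {
        String value = cfg.getInitParameter("contentSecurityPolicy");
        if (value == null || value.trim().isEmpty()) {
            return; // feature stays off unless the attribute is set
        }
        // Reject CR/LF so a malformed config value cannot split the header.
        if (value.indexOf('\r') >= 0 || value.indexOf('\n') >= 0) {
            throw new ServletException("contentSecurityPolicy must be a single line");
        }
        policy = value.trim();
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (policy != null && res instanceof HttpServletResponse) {
            HttpServletResponse http = (HttpServletResponse) res;
            // Headers are silently dropped once the response is committed,
            // so fail loudly instead of serving a page without the policy.
            if (http.isCommitted()) {
                throw new ServletException("Response committed; cannot add " + HEADER);
            }
            // Set before the chain runs. An application that later calls
            // setHeader() with the same name replaces this value.
            http.setHeader(HEADER, policy);
        }
        chain.doFilter(req, res);
    }
}
```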
