On 24/03/2020 21:28, Christopher Schultz wrote:
> All,
>
> While replying to James's recent message about this filter's anti
> click-jacking features[1], I was surprised to see that this filter
> does not have any support for the Content-Security-Policy header.
>
> Adding such support would be fairly simple: simply add a
> "contentSecurityPolicy" attribute which gets dumped-out to every
> response as a Content-Security-Policy header.
>
> Any votes for/against?

See: https://bz.apache.org/bugzilla/show_bug.cgi?id=58837

No objections to your proposal. I do wonder about the more general solution but I don't see that as a reason not to do this.

Mark
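
The attribute proposed in this thread, sketched as a stand-alone servlet filter. This is an added example, not Tomcat's code and not from either poster; the class name `CspHeaderFilter`, the startup validation and the committed-response check are assumptions, and it targets the `javax.servlet` API.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

// Hypothetical filter (not part of Tomcat): sends one configured CSP value on every response.
public class CspHeaderFilter implements Filter {

    private static final String HEADER = "Content-Security-Policy";
    private String policy; // null means the header is not sent

    @Override
    public void init(FilterConfig config) throws ServletException {
        // "contentSecurityPolicy" is the attribute name proposed in the thread.
        String value = config.getInitParameter("contentSecurityPolicy");
        if (value == null || value.trim().isEmpty()) {
            return; // not configured: behave as a no-op
        }
        // Fail at startup on control characters (CR, LF, ...) rather than
        // emit a malformed or split header on every response.
        for (int i = 0; i < value.length(); i++) {
            if (Character.isISOControl(value.charAt(i))) {
                throw new ServletException("contentSecurityPolicy has a control character at index " + i);
            }
        }
        policy = value.trim();
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        if (policy != null && response instanceof HttpServletResponse) {
            if (response.isCommitted()) {
                // Headers set after commit are silently dropped; surface it instead.
                throw new ServletException("Response committed before " + HEADER + " could be set");
            }
            // Set before the chain runs so the header precedes any body output.
            ((HttpServletResponse) response).setHeader(HEADER, policy);
        }
        chain.doFilter(request, response);
    }

    @Override
    public void destroy() { }
}
```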