Re: How to proceed on the CSP issue.

On Wed, Feb 14, 2018 at 1:39 PM, Mark Thomas wrote: > httpd's mod_headers module > > Since I did the rewrite valve then, I had a plan at some point to do it, but it looked like quite a bit of effort for less gain (than the rewrite valve). So no mod_headers valve, my bad :) Rémy

Re: How to proceed on the CSP issue.

Rahul, On 2/21/18 9:55 AM, Rahul Chhabra wrote: > > On Sat, Feb 17, 2018 at 4:30 AM, Christopher Schultz < > ch...@christopherschultz.net> wrote: > > Mark, > > On 2/14/18 7:39 AM, Mark Thomas wrote: On 14/02/18 11:51, Harrison & Wells wrote: > Sorry to disturb you. Not at all

Re: How to proceed on the CSP issue.

Obviously, *guessing *a policy is beyond mortal comprehension. We could take the value as an init parameter. Then whenever the filter is applied, it just puts that CSP. default-src 'none' That's one way to make a CSP filter and preserve your sanity On Sat, Feb 17, 2018 at 4:30 AM, Christophe

Re: How to proceed on the CSP issue.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mark, On 2/14/18 7:39 AM, Mark Thomas wrote: > On 14/02/18 11:51, Harrison & Wells wrote: >> Sorry to disturb you. > > Not at all. > >> I read the Contributing.md >> on >> your github

Re: How to proceed on the CSP issue.

On 14/02/18 11:51, Harrison & Wells wrote: > Sorry to disturb you. Not at all. > I read the Contributing.md > on your > github mirror and even found the beginner issues >