[ZendTo] Content Security Policy
Jules
Jules at Zend.To
Sun Feb 24 14:04:04 GMT 2019
Viktor,
Agreed, I should move the JS out of the template files. I've just never
had a good reason to do so before, so never bothered. :-)
I'll add it to the list of jobs to do.
Cheers,
Jules.
On 22/02/2019 7:40 am, Viktor Steinmann via ZendTo wrote:
> Good morning all
>
> I have been playing around with Content Security Headers for ZendTo,
> but didn't manage to get them completely right. Does someone have a
> working set of of CSP headers available to share?
>
> While we're at it: Inline JavaScript kills part of any CSP, as it
> required an "unsafe-inline" part in the policy. If all JavaScript
> could be extracted from the HTML and put into separate .js files, the
> CSP could be tightened even more. Increasing security would be cool,
> right? ;-)
>
> Kind regards,
>
> Viktor
>
>
> _______________________________________________
> ZendTo mailing list
> ZendTo at zend.to
> http://jul.es/mailman/listinfo/zendto
Jules
--
Julian Field MEng CEng CITP MBCS MIEEE MACM
'Find a place inside where there's joy, and the joy will burn out
the pain.' - Joseph Campbell
www.Zend.To
Twitter: @JulesFM
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://jul.es/pipermail/zendto/attachments/20190224/1af43c8f/attachment-0001.html>
More information about the ZendTo
mailing list