[ZendTo] Content Security Policy

Viktor Steinmann stony at stony.com
Sun Feb 24 16:20:11 GMT 2019


Jules, I just figured, the same is true for inline CSS.

Would be great if this could be implemented some day.

Kind regards,
Viktor

On 24.02.2019 at 15:04, Jules wrote:
> Viktor,
>
> Agreed, I should move the JS out of the template files. I've just 
> never had a good reason to do so before, so never bothered. :-)
>
> I'll add it to the list of jobs to do.
>
> Cheers,
> Jules.
>
> On 22/02/2019 7:40 am, Viktor Steinmann via ZendTo wrote:
>> Good morning all
>>
>> I have been playing around with Content Security Headers for ZendTo, 
>> but didn't manage to get them completely right. Does someone have a 
>> working set of CSP headers available to share?
>>
>> While we're at it: Inline JavaScript kills part of any CSP, as it 
>> requires an "unsafe-inline" part in the policy. If all JavaScript 
>> could be extracted from the HTML and put into separate .js files, the 
>> CSP could be tightened even more. Increasing security would be cool, 
>> right? ;-)
>>
>> Kind regards,
>>
>> Viktor
>
> Jules
>
> -- 
> Julian Field MEng CEng CITP MBCS MIEEE MACM
>
> 'Find a place inside where there's joy, and the joy will burn out
>   the pain.' - Joseph Campbell
>
> www.Zend.To
> Twitter: @JulesFM
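
Added example, not part of the original thread and not ZendTo code: a small audit that lists the inline JavaScript and inline CSS in a rendered page that keep 'unsafe-inline' in script-src or style-src, as discussed above. It assumes a policy that uses neither nonces nor hashes; the names InlineAudit, audit and blocked_directives and the sample markup are constructed for illustration.

```python
from html.parser import HTMLParser

# <script> types a browser executes; other types (e.g. JSON data blocks) are inert.
JS_TYPES = {"", "text/javascript", "application/javascript", "module"}
URL_ATTRS = {"href", "src", "action", "formaction"}

class InlineAudit(HTMLParser):
    """Collect markup that a CSP without 'unsafe-inline' refuses to run or apply."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (line, directive, description)

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        attrs = {k: (v or "") for k, v in attrs}
        if (tag == "script" and "src" not in attrs
                and attrs.get("type", "").strip().lower() in JS_TYPES):
            self.findings.append((line, "script-src", "inline <script> block"))
        if tag == "style":
            self.findings.append((line, "style-src", "inline <style> block"))
        for name, value in attrs.items():
            if name.startswith("on") and len(name) > 2:  # heuristic: onclick, onload, ...
                self.findings.append((line, "script-src", f"{name}= event handler"))
            elif name == "style":
                self.findings.append((line, "style-src", "style= attribute"))
            elif name in URL_ATTRS and value.strip().lower().startswith("javascript:"):
                self.findings.append((line, "script-src", f"javascript: URL in {name}="))

def audit(html: str):
    """Return the findings for one rendered page or template."""
    parser = InlineAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

def blocked_directives(findings):
    """Directives that still need 'unsafe-inline' until the findings are fixed."""
    return sorted({directive for _, directive, _ in findings})

# Constructed sample page, not taken from ZendTo.
SAMPLE = """<html><head>
<script src="js/app.js"></script>
<style>body { margin: 0 }</style>
</head><body>
<button onclick="send()">Send</button>
<p style="color:red">Error</p>
<script>var ready = true;</script>
</body></html>"""

if __name__ == "__main__":
    for line, directive, what in audit(SAMPLE):
        print(f"line {line}: {what} (needs 'unsafe-inline' in {directive})")
```

An empty result from blocked_directives means 'unsafe-inline' can be dropped from both directives for that page.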




