[ZendTo] Content Security Policy
Viktor Steinmann
stony at stony.com
Sun Feb 24 16:20:11 GMT 2019
Jules, I just figured, the same is true for inline CSS.
Would be great, if this could be implemented some day.
Kind regards,
Viktor
Am 24.02.2019 um 15:04 schrieb Jules:
> Viktor,
>
> Agreed, I should move the JS out of the template files. I've just
> never had a good reason to do so before, so never bothered. :-)
>
> I'll add it to the list of jobs to do.
>
> Cheers,
> Jules.
>
> On 22/02/2019 7:40 am, Viktor Steinmann via ZendTo wrote:
>> Good morning all
>>
>> I have been playing around with Content Security Headers for ZendTo,
>> but didn't manage to get them completely right. Does someone have a
>> working set of of CSP headers available to share?
>>
>> While we're at it: Inline JavaScript kills part of any CSP, as it
>> required an "unsafe-inline" part in the policy. If all JavaScript
>> could be extracted from the HTML and put into separate .js files, the
>> CSP could be tightened even more. Increasing security would be cool,
>> right? ;-)
>>
>> Kind regards,
>>
>> Viktor
>>
>>
>> _______________________________________________
>> ZendTo mailing list
>> ZendTo at zend.to
>> http://jul.es/mailman/listinfo/zendto
>
> Jules
>
> --
> Julian Field MEng CEng CITP MBCS MIEEE MACM
>
> 'Find a place inside where there's joy, and the joy will burn out
> the pain.' - Joseph Campbell
>
> www.Zend.To
> Twitter: @JulesFM
More information about the ZendTo
mailing list