  1. Documentation
  2. DOCU-1625

Document how to enable Content Security Policy (CSP) support in Magnolia


Details

    • New Feature
    • Resolution: Unresolved
    • Minor
    • None
    • None
    • None

    Description

      The Cloud team has brought up the topic of Content Security Policy (CSP) to the architecture group.

      See:

      In particular, CSP can be enabled either A. through HTTP headers on the response, or B. through meta tags in the page.

      We generally think this is a project decision—that we don't need any default or preconfiguration in Magnolia Core—but were discussing how to address if a prospect is interested in, or enquires about it (what do we do for similar cases generally, e.g. CORS?)

      A small "how-to" page describing the no-brainer filter configuration (see the AddHeadersFilter snippet), or how to add the meta tag to the site prototype could be considered. We don't need/want to re-explain what CSP is, the Mozilla site is pretty good about it, and if users search for it, there's a good chance they read about it before.

      And most of all, this is just a suggestion really, this should not generate too much workload. Feel free to:

      • (de)prioritize
      • tell me if this doesn't belong in docu
      • bring up to PM
      • and/or close as appropriate, whatever makes more sense really 
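
      The two delivery options named in the description (A. response header, B. meta tag), as an added example that is not part of the original issue and not Magnolia code: it renders one policy in both forms and reports the directives that the CSP specification ignores when the policy arrives through a meta element. The sample policy and all function names are assumptions made for illustration.

```python
from html import escape

# Directives the CSP specification ignores when the policy is delivered
# through a <meta> element instead of an HTTP response header.
HEADER_ONLY = {"frame-ancestors", "report-uri", "sandbox"}

# Constructed sample policy (assumption, not taken from the issue).
POLICY = {
    "default-src": ["'self'"],
    "img-src": ["'self'", "data:"],
    "frame-ancestors": ["'none'"],
    "report-uri": ["/csp-report"],
}


def serialize(policy):
    """Join directives into 'name value value; name value' form."""
    parts = []
    for name, values in policy.items():
        for token in [name, *values]:
            # Whitespace, ';' or ',' inside a token would split the
            # directive, the policy or the header, so reject them.
            if not token or any(c.isspace() or c in ";," for c in token):
                raise ValueError(f"invalid CSP token: {token!r}")
        parts.append(" ".join([name, *values]))
    return "; ".join(parts)


def as_header(policy):
    """Option A: (header name, value) pair for the HTTP response."""
    return ("Content-Security-Policy", serialize(policy))


def as_meta(policy):
    """Option B: the <meta> tag plus the directives it cannot carry."""
    dropped = sorted(n for n in policy if n in HEADER_ONLY)
    kept = {n: v for n, v in policy.items() if n not in HEADER_ONLY}
    content = escape(serialize(kept), quote=True)  # attribute-safe
    tag = f'<meta http-equiv="Content-Security-Policy" content="{content}">'
    return tag, dropped


if __name__ == "__main__":
    print("%s: %s" % as_header(POLICY))
    tag, dropped = as_meta(POLICY)
    print(tag)
    print("not enforceable via meta:", ", ".join(dropped) or "none")
```

      A policy that relies on frame-ancestors for clickjacking protection or on report-uri for violation reports therefore needs the header form.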

       

              People

                Unassigned Unassigned
                mgeljic Mikaël Geljić