[MGNLDEMO-326] Define a CSP policy

Created: 28/Oct/19  Updated: 15/Mar/21  Resolved: 15/Mar/21

Status: Closed
Project: Magnolia Demo Projects
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Task Priority: Neutral
Reporter: Maxime Michel Assignee: Unassigned
Resolution: Outdated Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Relates
Template:
Acceptance criteria:
Empty
Task DoR:
Empty

 Description   

As seen in SRE-800, the default CSP header value coming from magnolia-now-configuration is not working well with the demo.

Despite a few attempts on the SRE side, it wasn't straightforward to find an updated value that would do the job:

  1. there are many scripts/fonts/resources being loaded
  2. SREs don't know this project thoroughly

It would be better for security that somebody goes through the whole demo site to either determine which CSP headers need to be allowed, or bundle resources in the project itself.


Generated at Mon Feb 12 05:18:33 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.