[MGNLDEMO-326] Define a CSP policy
Created: 28/Oct/19 Updated: 15/Mar/21 Resolved: 15/Mar/21

| Status: | Closed |
| Project: | Magnolia Demo Projects |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Task | Priority: | Neutral |
| Reporter: | Maxime Michel | Assignee: | Unassigned |
| Resolution: | Outdated | Votes: | 0 |
| Labels: | None |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Issue Links: | |
| Template: | |
| Acceptance criteria: | Empty |
| Task DoR: | Empty |
| Description |

As seen in SRE-800, the default CSP header value coming from magnolia-now-configuration is not working well with the demo. Despite a few attempts on the SRE side, it wasn't straightforward to find an updated value that would do the job:
It would be better for security that somebody goes through the whole demo site to either determine which CSP headers need to be allowed, or bundle resources in the project itself.