<!-- 
RSS generated by JIRA (9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b) at Mon Feb 12 01:19:48 CET 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>Magnolia - Issue tracker</title>
    <link>https://jira.magnolia-cms.com</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-uk</language>    <build-info>
        <version>9.4.2</version>
        <build-number>940002</build-number>
        <build-date>19-01-2023</build-date>
    </build-info>


<item>
            <title>[DOCU-1625] Document how to enable Content Security Policy (CSP) support in Magnolia</title>
                <link>https://jira.magnolia-cms.com/browse/DOCU-1625</link>
                <project id="10190" key="DOCU">Documentation</project>
                    <description>&lt;p&gt;The Cloud team has brought up the topic of Content Security Policy (CSP) to the architecture group.&lt;/p&gt;

&lt;p&gt;See:&lt;/p&gt;
&lt;ul&gt;
	&lt;li&gt;&lt;a href=&quot;https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP&lt;/a&gt;&lt;/li&gt;
	&lt;li&gt;section 1 at &lt;a href=&quot;https://wiki.magnolia-cms.com/display/ARCHI/2018-07-12+CSP+headers%2C+HSTS%2C+Resurface+tab+sheet&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://wiki.magnolia-cms.com/display/ARCHI/2018-07-12+CSP+headers%2C+HSTS%2C+Resurface+tab+sheet&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;


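&lt;p&gt;In particular, CSP can be enabled either A. through HTTP headers on the response, or B. through &lt;tt&gt;meta&lt;/tt&gt;&#160;tags in the page. Note that a policy delivered through a &lt;tt&gt;meta&lt;/tt&gt; tag cannot use the &lt;tt&gt;frame-ancestors&lt;/tt&gt;, &lt;tt&gt;report-uri&lt;/tt&gt; or &lt;tt&gt;sandbox&lt;/tt&gt; directives, so the response header is the more complete option.&lt;/p&gt;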

&lt;p&gt;We generally think this is a project decision&#8212;that we don&apos;t need any default or preconfiguration in Magnolia Core&#8212;but we were discussing how to address it if a prospect is interested in it or enquires about it (what do we generally do for similar cases, e.g. CORS?).&lt;/p&gt;

&lt;p&gt;A small &quot;how-to&quot; page describing the no-brainer filter configuration (see the &lt;tt&gt;AddHeadersFilter&lt;/tt&gt;&#160;snippet), or how to add the meta tag to the site prototype, could be considered. We don&apos;t need/want to re-explain what CSP is; the Mozilla site is pretty good about it, and if users search for it, there&apos;s a good chance they have read about it before.&lt;/p&gt;

&lt;p&gt;And most of all, this is just a suggestion really; it should not generate too much workload. Feel free to:&lt;/p&gt;
&lt;ul&gt;
	&lt;li&gt;(de)prioritize&lt;/li&gt;
	&lt;li&gt;tell me if this doesn&apos;t belong in docu&lt;/li&gt;
	&lt;li&gt;bring up to PM&lt;/li&gt;
	&lt;li&gt;and/or close as appropriate, whatever makes more sense really&#160; &lt;img class=&quot;emoticon&quot; src=&quot;https://jira.magnolia-cms.com/images/icons/emoticons/smile.png&quot; height=&quot;16&quot; width=&quot;16&quot; align=&quot;absmiddle&quot; alt=&quot;&quot; border=&quot;0&quot;/&gt;&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;&#160;&lt;/p&gt;</description>
                <environment></environment>
        <key id="68084">DOCU-1625</key>
            <summary>Document how to enable Content Security Policy (CSP) support in Magnolia</summary>
                <type id="2" iconUrl="https://jira.magnolia-cms.com/secure/viewavatar?size=xsmall&amp;avatarId=10891&amp;avatarType=issuetype">New Feature</type>
                                            <priority id="4" iconUrl="https://jira.magnolia-cms.com/images/icons/priorities/minor.svg">Minor</priority>
                        <status id="1" iconUrl="https://jira.magnolia-cms.com/images/icons/statuses/open.png" description="The issue is open and ready for the assignee to start work on it.">Open</status>
                    <statusCategory id="2" key="new" colorName="default"/>
                                    <resolution id="-1">Unresolved</resolution>
                                        <assignee username="-1">Unassigned</assignee>
                                    <reporter username="mgeljic">Mika&#235;l Gelji&#263;</reporter>
                        <labels>
                            <label>csp</label>
                            <label>suggestion</label>
                    </labels>
                <created>Fri, 13 Jul 2018 16:48:24 +0200</created>
                <updated>Fri, 6 Sep 2019 11:54:18 +0200</updated>
                                                                                <due></due>
                            <votes>0</votes>
                                    <watches>3</watches>
                                                                                                                <comments>
                            <comment id="167453" author="jlegendre" created="Thu, 23 Aug 2018 15:01:04 +0200"  >&lt;p&gt;See &lt;a href=&quot;https://jira.magnolia-cms.com/secure/ViewProfile.jspa?name=mdrapela&quot; class=&quot;user-hover&quot; rel=&quot;mdrapela&quot;&gt;mdrapela&lt;/a&gt;&apos;s comment on &lt;a href=&quot;https://documentation.magnolia-cms.com/display/DOCS57/Magnolia+Cloud+update+-+July+2018&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://documentation.magnolia-cms.com/display/DOCS57/Magnolia+Cloud+update+-+July+2018&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="167727" author="mdrapela" created="Tue, 28 Aug 2018 12:09:22 +0200"  >&lt;p&gt;A follow-up discussion on this in the Krom office concluded that our default CSP config in&#160;&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://git.magnolia-cms.com/projects/OD/repos/cloud-modules/browse/magnolia-now-configuration/src/main/resources/mgnl-bootstrap/magnolia-now-configuration/config.server.filters.cspHeader.xml&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://git.magnolia-cms.com/projects/OD/repos/cloud-modules/browse/magnolia-now-configuration/src/main/resources/mgnl-bootstrap/magnolia-now-configuration/config.server.filters.cspHeader.xml&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;brings more problems (nested permissions) than benefits, and that ideally, out of the box, the CSP header filter config should be&lt;/p&gt;

&lt;p&gt;&lt;tt&gt;enabled: &lt;b&gt;false&lt;/b&gt;&lt;/tt&gt;.&lt;/p&gt;

&lt;p&gt;&#160;&lt;/p&gt;</comment>
                    </comments>
                    <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                            <customfield id="customfield_14166" key="com.okapya.jira.checklist:checklist">
                        <customfieldname>Acceptance criteria</customfieldname>
                        <customfieldvalues>
                            


                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10111" key="com.atlassian.jira.toolkit:reporterdomain">
                        <customfieldname>Company</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>magnolia-cms.com</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_10031" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of First Response</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Thu, 23 Aug 2018 15:01:04 +0200</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_12730" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_14151" key="com.atlassian.jira.toolkit:message">
                        <customfieldname>Docu info</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                            <customfield id="customfield_10246" key="com.pyxis.greenhopper.jira:gh-epic-link">
                        <customfieldname>Epic Link</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>DOCU-1956</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10061" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comm is not jira-dev</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10071" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last participant</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>mdrapela</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_13136" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            5 years, 24 weeks, 5 days ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                            <customfield id="customfield_10020" key="com.atlassian.jira.toolkit:attachments">
                        <customfieldname>Number of attachments</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10150" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname>Number of comments</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10011" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>jlegendre</customfieldvalue>
            <customfieldvalue>mdrapela</customfieldvalue>
            <customfieldvalue>mgeljic</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                <customfield id="customfield_10833" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0|y00a7c:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10244" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14145" key="com.intenso.jira.issue-templates:issue-templates-customfield">
                        <customfieldname>Template</customfieldname>
                        <customfieldvalues>
                            


                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                            <customfield id="customfield_15131" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Time in Discovery</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    </customfields>
    </item>
</channel>
</rss>