Add the sandbox directive on the default deny-all Content-Security-Policy

This directive should not change anything in this context for modern browsers as they already block everything. Adding it is mainly a defense in depth for old and unsupported browsers such as IE that do not support other directives.

To test, the nginx configuration must be redeployed, but nothing is expected to change except that the sandbox attribute is added when the default CSP header is sent (for example for the static assets).

Part of request #17967: Deploy a useful content security policy

Change-Id: I2967eb735d65f3ce497d7dea2f942745b005f150

Modified Files

Name
M src/etc/nginx/tuleap-managed-global-settings.conf +1 −1
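
One way to check the outcome the commit message describes, as an added example that is not part of this commit or of Tuleap's code: parse the Content-Security-Policy value returned for a static asset and confirm it is deny-all with an unrelaxed sandbox. It assumes the deny-all policy is expressed as `default-src 'none'`; the function names and the sample header values are constructed for illustration.

```python
def parse_csp(header_value):
    """Parse a CSP header value into {directive_name: [tokens]}.

    Directive names are case-insensitive. When a directive is repeated,
    only its first occurrence is kept, as browsers do.
    """
    directives = {}
    for part in header_value.split(";"):
        tokens = part.split()
        if not tokens:
            continue  # empty segment, e.g. after a trailing ';'
        directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives


def check_default_policy(header_value):
    """Return a list of problems; an empty list means the policy is
    deny-all and carries a sandbox directive with no allow-* relaxations."""
    directives = parse_csp(header_value)
    problems = []
    # Assumption: "deny-all" means default-src is exactly 'none'.
    default_src = [t.lower() for t in directives.get("default-src", [])]
    if default_src != ["'none'"]:
        problems.append("default-src is not exactly 'none'")
    if "sandbox" not in directives:
        problems.append("sandbox directive missing")
    elif directives["sandbox"]:
        # Any token after 'sandbox' lifts one of its restrictions.
        problems.append("sandbox relaxed by: " + " ".join(directives["sandbox"]))
    return problems


# Constructed sample header values (not taken from the Tuleap configuration).
SAMPLES = {
    "before the change": "default-src 'none';",
    "after the change": "default-src 'none'; sandbox;",
    "relaxed sandbox": "default-src 'none'; sandbox allow-scripts allow-same-origin",
}

if __name__ == "__main__":
    for label, value in SAMPLES.items():
        problems = check_default_policy(value)
        print(f"{label}: {'OK' if not problems else '; '.join(problems)}")
```
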