  1. OpenAM
  2. OPENAM-11855

Add support for Content-Security-Policy headers

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 6.0.0
    • Fix Version/s: None
    • Component/s: None

      Description

      The Content-Security-Policy header can be used to set a variety of security-related headers to responses to reduce the risks of XSS, clickjacking, etc. attacks. While this could be configured in the SetHeadersFilter in web.xml, it would be better if we had first-class support for this in the admin console.

      (Actually it might be better to pull the configuration of the SetHeadersFilter itself into the admin console so that it can be configured without hacking the web.xml).

              People

              Assignee:
              Unassigned
              Reporter:
              neil.madden Neil Madden
              Votes:
              2
              Watchers:
              10
