[Koha-bugs] [Bug 20397] Implement Content Security Policy

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Fri Aug 18 03:46:25 CEST 2023


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20397

David Cook <dcook at prosentient.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |In Discussion

--- Comment #20 from David Cook <dcook at prosentient.com.au> ---
I'm not putting this to "Needs Signoff" yet, as I'd like to get some more
feedback first. 

Here are a few thoughts of my own:

1. I think we need to add an API endpoint for CSP violation reports, although
I'm not sure how we want to handle those. Would we send an email to sysadmins?
Just put it in the web server logs? 

2. Need to double-check the font-src directive since I think people do use web
fonts from other sources...

3. For HTTPS sites, I think we could add a "https:" expression too.

-- 
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
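
Added example, not part of the original comment and not Koha code: one way to handle point 1 by turning a legacy `report-uri` POST into a single web-server-style log line. The function names, the 8 KB body cap and the log format are assumptions; report fields come from the browser and are attacker-controllable, so they are length-limited and stripped of control characters before logging.

```python
import json

MAX_BODY = 8192  # assumed cap; real reports are small, larger bodies are rejected
# Fields defined for the legacy "csp-report" JSON object that matter for triage.
FIELDS = ("document-uri", "effective-directive", "violated-directive", "blocked-uri")


def _clean(value, limit=200):
    """Make an untrusted value safe to embed in one quoted log field."""
    text = str(value)[:limit]
    return "".join(c if c.isprintable() and c != '"' else "?" for c in text)


def csp_report_log_line(content_type, body):
    """Return a log line for a CSP violation report, or None to reject it."""
    if content_type.split(";")[0].strip().lower() != "application/csp-report":
        return None
    if len(body) > MAX_BODY:
        return None
    try:
        report = json.loads(body)["csp-report"]
    except (ValueError, KeyError, TypeError):
        return None  # not JSON, or not shaped like a CSP report
    if not isinstance(report, dict):
        return None
    pairs = [f'{k}="{_clean(report[k])}"' for k in FIELDS if k in report]
    return "csp-violation " + " ".join(pairs) if pairs else None


if __name__ == "__main__":
    # Constructed sample report: a web font blocked by font-src.
    sample = json.dumps({"csp-report": {
        "document-uri": "https://opac.example.org/",
        "effective-directive": "font-src",
        "blocked-uri": "https://fonts.example.net/a.woff2",
    }}).encode()
    print(csp_report_log_line("application/csp-report", sample))
```

An endpoint built this way would answer every POST with 204 regardless of the result, and rate-limit per client, since anyone can submit reports.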

