[Bug 38365] Add Content-Security-Policy HTTP header to HTML responses
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=38365 --- Comment #357 from David Cook <dcook@prosentient.com.au> --- (In reply to David Cook from comment #356)
Once bug 38365 is pushed, we can require that people add nonces to <script> and <style> inline elements (the QA tools will alert to this).
And then I'll continue the work on bug 38407. Since the value builders are handled by Koha::FrameworkPlugin, that leaves only about 117 lines across 33 files, which isn't too bad at all. (But I agree is out of scope for bug 38365, which is big enough already.)
Actually maybe some plugins do still have some inline event handlers. I'll deal with this too though. -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org