[Bug 38365] Add Content-Security-Policy HTTP header to HTML responses
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=38365 --- Comment #436 from David Cook <dcook@prosentient.com.au> --- Posting here just to gather feedback from interested parties... What do people think about showing the effective Content-Security-Policy on the about.pl page? It's trivial for a tech savvy person to see the policy. They just need to review the headers sent back from the server. If we show the policy to a non-technical audience, they'd at least be able to speak to the current state of affairs *to* their technical teams. I mention this because it would be nice to be able to refer people to the Content-Security-Policy in https://wiki.koha-community.org/wiki/Security_Hardening_Guide While I can say "oh hey look at the headers or look at koha-conf.xml", it's probably going to be more meaningful to see the config in about.pl Anyway, food for thought. -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org