[Bug 38365] Add Content-Security-Policy HTTP header to HTML responses
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=38365 --- Comment #435 from David Cook <dcook@prosentient.com.au> --- (In reply to Chloé Zermatten from comment #434)
Is an enhancement, dependency unmet -> not backporting to 25.11 - please do tell me if that needs changing!
I think that's probably the right choice, since this is a fairly big change. I think the QA tools might demand use of 'nonce="[% Koha.CSPNonce | $raw %]"' even in 25.11, but it should be OK to include it in many cases, because it'll just do a "noop" if that CSPNonce function is missing from the template plugin. So backports should be fine to include it even though the underlying mechanism isn't there. -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org