Review/Update servlet response headers

Open MMaiero opened this issue 4 years ago • 2 comments

The security level of the UI can be improved by updating the servlet response headers. In particular, the UI can leverage the Content Security Policy feature implemented widely in most browsers (https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP).

GWT is not fully compliant with it. An investigation has to be performed to improve the configuration of the security-related headers. (https://github.com/gwtproject/gwt/issues/8197)

MMaiero, Sep 10 '20 09:09

https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP

MMaiero, Sep 10 '20 09:09

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control

MMaiero, Sep 10 '20 09:09