vexim / vexim2

Virtual Exim 2

Add Content Security Policy #235

Closed Udera closed 7 years ago

Udera commented 7 years ago

Fix #209

rimas-kudelis commented 7 years ago

I think we should make this configurable, via variables.php. E.g. $allowframing = false; by default or something like that.

Udera commented 7 years ago

There is a problem with inline code (JavaScript/CSS), which is not supported by default: https://developer.chrome.com/extensions/contentSecurityPolicy#JSExecution

We have some pages where we use onload to focus on the first form field; we can replace this by putting autofocus into the field which is supposed to be focused (supported by HTML5). Another example is the automatic password generator and a few cases with inline CSS code.

Not sure if it is worth working over all these examples to make CSP work.

Udera commented 7 years ago

This option is now configurable and disabled by default. PR updated.
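As an added illustration of the two points raised in this thread (a CSP that is off by default and toggled from variables.php, and the onload-to-autofocus migration needed because the policy blocks inline script), here is example code that is not part of the vexim2 PR. The variable names `$enable_csp` and `$allowframing`, the function `build_csp()` and the form target `adduser.php` are assumptions for the example.

```php
<?php
// Example code, not vexim2's own. $enable_csp and $allowframing stand in for
// hypothetical settings in variables.php; both default to false here.

// Build the Content-Security-Policy header value. Without 'unsafe-inline',
// inline <script>/<style> blocks and on* attributes are refused by the
// browser, which is why pages using onload focus or the inline password
// generator must be reworked before the policy can be enabled.
function build_csp(bool $allowframing, bool $enable_csp): ?string
{
    if (!$enable_csp) {
        return null;                 // disabled by default, as in the PR
    }
    $directives = [
        "default-src 'self'",
        "script-src 'self'",         // no 'unsafe-inline': inline JS blocked
        "style-src 'self'",          // inline CSS blocked as well
        "form-action 'self'",
    ];
    if (!$allowframing) {
        // Refuse to be embedded in any frame (clickjacking mitigation).
        $directives[] = "frame-ancestors 'none'";
    }
    return implode('; ', $directives);
}

// Wiring in a shared include: the header must go out before any HTML.
$enable_csp   = false;   // hypothetical variables.php setting
$allowframing = false;   // hypothetical variables.php setting
$csp = build_csp($allowframing, $enable_csp);
if ($csp !== null && !headers_sent()) {
    header('Content-Security-Policy: ' . $csp);
}
?>
<!-- Before: inline handler, blocked once the policy above is active -->
<!-- <body onload="document.forms[0].localpart.focus()"> -->
<!-- After: same behaviour with the HTML5 autofocus attribute, no script -->
<form method="post" action="adduser.php">
  <input type="text" name="localpart" autofocus>
</form>
```

With `$enable_csp` set to true and `$allowframing` left false, the header sent is `Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self'; form-action 'self'; frame-ancestors 'none'`; any page still relying on an inline handler will show a CSP violation in the browser console, which is a convenient way to find the remaining spots to migrate.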