- Added support for W3C Content Security Policy(CSP) * For details about CSP, see https://www.w3.org/TR/CSP/
* New calls: security::csp::nonce: Generate a CSP nonce token token
security::csp::require /directive/ /value/: Add a requirements of a page to the CSP in order to generate later a tailored policy with the minimal permissions for this page. For example, the following requirement is currently added per default to the oacs-master template to permit style tags and style attribites in the markup.
security::csp::require style-src 'unsafe-inline'
security::csp::render: Generate a policy from the requirements
* Added Kernel Parameter CSPEnabledP to activate/desctivate CSP (default on)
- Bump version numbers acs-tcl to 5.9.1d11 acs-bootstrap-installer to 5.9.1d4 acs-kernel to 5.9.1d17
- fix bug for host-node-mapped subsites: on the (subsite) admin-page of a host-node-mapped subsites, the link to site-wide-admin should always point to the main site.
- add new helper function util::configured_location to address the bug above to return the configured location as configured for the current network driver. While [util_current_location] honors the virtual host information of the host header field, util::configured_location returns the main configured location (probably the main subsite).
- extend [util_driver_info] * make the passed-in array name optional and to return always a dict * include the configured host name in the result (dict/array)
- add cross references via @see to make it easier to switch between related functions
- bump version number of acs-tcl to 5.9.1d10 and acs-subsite to 5.9.1d7 to address dependencies