- Added support for W3C Content Security Policy(CSP) * For details about CSP, see https://www.w3.org/TR/CSP/ * New calls: security::csp::nonce: Generate a CSP nonce token token security::csp::require /directive/ /value/: Add a requirements of a page to the CSP in order to generate later a tailored policy with the minimal permissions for this page. For example, the following requirement is currently added per default to the oacs-master template to permit style tags and style attribites in the markup. security::csp::require style-src 'unsafe-inline' security::csp::render: Generate a policy from the requirements * Added Kernel Parameter CSPEnabledP to activate/desctivate CSP (default on)- Bump version numbers acs-tcl to 5.9.1d11 acs-bootstrap-installer to 5.9.1d4 acs-kernel to 5.9.1d17
Show less
