- Added support for W3C Content Security Policy(CSP) * For details about CSP, see https://www.w3.org/TR/CSP/
* New calls: security::csp::nonce: Generate a CSP nonce token token
security::csp::require /directive/ /value/: Add a requirements of a page to the CSP in order to generate later a tailored policy with the minimal permissions for this page. For example, the following requirement is currently added per default to the oacs-master template to permit style tags and style attribites in the markup.
security::csp::require style-src 'unsafe-inline'
security::csp::render: Generate a policy from the requirements
* Added Kernel Parameter CSPEnabledP to activate/desctivate CSP (default on)
- Bump version numbers acs-tcl to 5.9.1d11 acs-bootstrap-installer to 5.9.1d4 acs-kernel to 5.9.1d17
Loading ...