Uploaded image for project: 'Keycloak'
  1. Keycloak
  2. KEYCLOAK-8147

Support Content-Security-Policy-Report-Only security header

    XMLWordPrintable

    Details

    • Type: Feature Request
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: 4.4.0.Final
    • Component/s: Services
    • Labels:
      None

      Description

      Support for the Content-Security-Policy-Report-Only security response header is crucial in order to configure CSP policies safely.
      The report only header makes it possible to test new security policies and have the browser report any error instead of blocking content.

      See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only and https://www.w3.org/TR/CSP/#cspro-header for details.

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                knutz3n Johannes K
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: