View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0001283 | savapage-server | [All Projects] Security | public | 2025-01-21 14:18 | 2025-01-21 14:18 |
| Reporter | rijkr | Assigned To | rijkr | ||
| Priority | normal | Severity | major | Reproducibility | always |
| Status | assigned | Resolution | open | ||
| Product Version | 1.5.0 | ||||
| Target Version | Fixed in Version | ||||
| Summary | 0001283: Make WebApp CSP compliant | ||||
| Description | IST: Wicket 9.x introduced a Content Security Policy (CSP) that is active by default and prevents inline JavaScript and CSS code from been executed. SavaPage does not comply to CSP. As a result WebApp UI is completely scrambled. For now, this policy is disabled in Wicket. SOLL: Comply to CSP. | ||||
| Additional Information | https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP | ||||
| Tags | No tags attached. | ||||
