Skip to content
Snippets Groups Projects
Commit eaed2363 authored by srosse's avatar srosse
Browse files

OO-3415: enable per default the security features (but CSP only in reporting mode)

parent 680d1fb3
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
src/main/java/org/olat/core/commons/services/csp/CSPModule.java
+ 5
5
View file @ eaed2363
......@@ -65,15 +65,15 @@ public class CSPModule extends AbstractSpringModule {
private static final String CONTENT_SECURITY_POLICY_OBJECT_SRC = "base.security.contentSecurityPolicy.objectSrc";
private static final String CONTENT_SECURITY_POLICY_PLUGIN_TYPE = "base.security.contentSecurityPolicy.pluginType";
@Value("${base.security.frameOptionsSameOrigine:disabled}")
@Value("${base.security.frameOptionsSameOrigine:enabled}")
private String xFrameOptionsSameorigin;
@Value("${base.security.strictTransportSecurity:disabled}")
@Value("${base.security.strictTransportSecurity:enabled}")
private String strictTransportSecurity;
@Value("${base.security.xContentTypeOptions:disabled}")
@Value("${base.security.xContentTypeOptions:enabled}")
private String xContentTypeOptions;
@Value("${base.security.contentSecurityPolicy:disabled}")
@Value("${base.security.contentSecurityPolicy:enabled}")
private String contentSecurityPolicy;
@Value("${base.security.contentSecurityPolicy.reportOnly:disabled}")
@Value("${base.security.contentSecurityPolicy.reportOnly:enabled}")
private String contentSecurityPolicyReportOnly;
@Value("${base.security.contentSecurityPolicy.defaultSrc:}")
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment