Martin Altmann <firstname.lastname@example.org> wrote in
> I am using version 4.1 and am trying to set some configuration options
> regarding security.
> Not all of them are setable within the <HEAD>-section of the
> html-file: I can set those Options:
><meta http-equiv="Content-Security-Policy" content="default-src 'none';
> script-src 'self'; connect-src 'self'; img-src 'self'; style-src
> 'self';base-uri 'self';form-action 'self'">
><meta name="referrer" content="same-origin">
> but am failing to do so with others like:
> as they are server settings, not a per-file setting.
> Do I have a chance to set those within the xbHTTPServer-configuration?
> Is there a chance to set the other two (Content-Security-Policy and
> referrer) server-wide as well (so that I would not have to include
> them within every html-file)
Please have a look at the FilterRequest function in WEBSERVE.PRG included
with v4.1. Some of these settings have been included, you can add your own.
Also, whenever you upgrade versions, I strongly recommend to compare the
included source code with previous versions as well as your own versions of
these. The changes in source code may include bug fixes, security updates
and best practice experience.
industrial strength Xbase++ development tools