Subject Re: Setting options regarding security
From Boris Borzic <.> <Boris Borzic <.>>
Date Thu, 1 Jul 2021 10:41:29 -0400
Newsgroups xb2net

Martin Altmann <altmann@altem.de> wrote in
news:mihyy6465ayhj5z.010720210505@BACKUP:

> I am using version 4.1 and am trying to set some configuration options
> regarding security.
> Not all of them are setable within the <HEAD>-section of the
> html-file: I can set those Options:
><meta http-equiv="Content-Security-Policy" content="default-src 'none';
> script-src 'self'; connect-src 'self'; img-src 'self'; style-src
> 'self';base-uri 'self';form-action 'self'">
><meta name="referrer" content="same-origin">
> but am failing to do so with others like:
> https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transp
> ort-Security
> https://developer.mozilla.org/de/docs/Web/HTTP/Headers/X-Content-Type-O
> ptions
> https://developer.mozilla.org/de/docs/Web/HTTP/Headers/X-Frame-Options
> as they are server settings, not a per-file setting.
> Do I have a chance to set those within the xbHTTPServer-configuration?
> Is there a chance to set the other two (Content-Security-Policy and
> referrer) server-wide as well (so that I would not have to include
> them within every html-file)

Please have a look at the FilterRequest function in WEBSERVE.PRG included
with v4.1. Some of these settings have been included, you can add your own.

Also, whenever you upgrade versions, I strongly recommend to compare the
included source code with previous versions as well as your own versions of
these. The changes in source code may include bug fixes, security updates
and best practice experience.

--
Best regards,
Boris Borzic

http://xb2.net
http://sqlexpress.net
industrial strength Xbase++ development tools

Recent messages in this thread
 
-# Setting options regarding security Martin Altmann 01-Jul-2021 05:05 am
.-# Re: Setting options regarding security (Current message) Boris Borzic <.> 01-Jul-2021 10:41 am
..-# Re: Setting options regarding security Martin Altmann 01-Jul-2021 04:54 pm
...-# Re: Setting options regarding security Boris Borzic <.> 01-Jul-2021 06:51 pm
....-# Re: Setting options regarding security Martin Altmann 02-Jul-2021 01:47 am
.....-# Re: Setting options regarding security Martin Altmann 02-Jul-2021 03:48 am
......-# Re: Setting options regarding security Martin Altmann 04-Jul-2021 04:38 am
.......-# Re: Setting options regarding security Boris Borzic <.> 05-Jul-2021 06:44 pm
........\# Re: Setting options regarding security Martin Altmann 05-Jul-2021 11:12 pm