1
0
mirror of https://github.com/google/nomulus synced 2026-07-18 14:02:35 +00:00
Files
nomulus/core
gbrodman 653da19e53 Implement CSP for the registrar console (#3129)
Implement a hybrid Content Security Policy (CSP) for the Registrar Console
to protect against XSS

- The CspFilter injects the proper headers on the Java backend endpoints
- Uinsg Jetty's HeaderFilter to inject the header for statically-served
  frontend assets

We need to add the ee10-servlets.ini file for Jetty to have acess to the
HeaderFilter class
2026-07-10 18:03:36 +00:00
..
2026-04-02 21:23:00 +00:00