mirror of
https://github.com/google/nomulus
synced 2026-07-18 14:02:35 +00:00
653da19e53
Implement a hybrid Content Security Policy (CSP) for the Registrar Console to protect against XSS - The CspFilter injects the proper headers on the Java backend endpoints - Uinsg Jetty's HeaderFilter to inject the header for statically-served frontend assets We need to add the ee10-servlets.ini file for Jetty to have acess to the HeaderFilter class