diff options
author | Ed Tanous <ed.tanous@intel.com> | 2018-12-19 17:59:28 -0800 |
---|---|---|
committer | Ed Tanous <ed.tanous@intel.com> | 2018-12-22 17:36:03 +0000 |
commit | 0f2f981e3218a57f89995aa6cb6b684b2ec0ba8f (patch) | |
tree | 7140663c2b9acfa7da750fb4d86fb9982bf2514a /app/common/directives | |
parent | 7c2b7c124f620da1ff0f8a70fd32b93e97d28871 (diff) | |
download | phosphor-webui-0f2f981e3218a57f89995aa6cb6b684b2ec0ba8f.tar.gz phosphor-webui-0f2f981e3218a57f89995aa6cb6b684b2ec0ba8f.zip |
Enable strict content security policy
Webpack allows us to define a content security policy that utilizes
hashes to define what is, and isn't allowed to execute in the page
context. Because we're a single page application, this means that we
can effectively defend the whole page with a few extra lines of setup.
This does not utilitize _any_ of the unsafe-* calls that content
security policy has, which should meet security standards for all uses.
Tested By:
Launched GUI, observed no functional changes, and watched console for
CSP errors. Saw none.
Change-Id: I892df1f1b004384943be0ae6e51046054991fd45
Signed-off-by: Ed Tanous <ed.tanous@intel.com>
Diffstat (limited to 'app/common/directives')
0 files changed, 0 insertions, 0 deletions