What to do to make a GWT product Strict CSP Compatible?

I made a web application in GWT. CSP Mitigator says that I have many eval statements and javascript URIs in the JS, so my project is not Strict CSP Compatible.

But the problem in my case is that I write code in Java and GWT creates the JS for me.

I also asked the GWT community, but they say that in the next version of GWT CSP compliance will be respected.

But until then, does anyone know how I can solve this vulnerability?

+4
2 answers

GWT 2.8.2 is released, which meets the requirements of CSP.

+4

Not completely out of the box, only improved CSP support in gwt-2.8.2.

, GWT js URL- , : image/gif; base64.. img-src 'self';

, URL- CSP. img-src 'self':; .

gwt.xml. : URL

<set-property name="ClientBundle.enableInlining" value="false" />

CSP, GWT - eval, -eval CSP.

, , CSP, eval , .

https://github.com/gwtproject/gwt/issues/9578

+1
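An added example, not part of the original answers and not GWT project code: a heuristic audit of compiled script text for the constructs this thread names (eval, javascript URIs, inlined base64 image data URLs), reporting which CSP relaxation each one would force. The names `CHECKS`, `scanScript`, `requiredRelaxations` and the sample input are assumptions made for illustration, and the `Function(...)` check goes one step beyond what the thread lists.

```javascript
// Added example: heuristic audit of compiled script text for constructs a strict CSP blocks.
// Each check names the CSP relaxation that would be needed to keep the construct working.
const CHECKS = [
  { id: "eval-call", re: /\beval\s*\(/g, needs: "script-src 'unsafe-eval'" },
  { id: "function-ctor", re: /\bFunction\s*\(/g, needs: "script-src 'unsafe-eval'" },
  { id: "javascript-uri", re: /["']javascript:/gi, needs: "script-src 'unsafe-inline'" },
  { id: "data-image-uri", re: /["']data:image\/[a-z0-9.+-]+;base64,/gi, needs: "img-src data:" },
];

// Returns one finding per match, with 1-based line and column (compiled output is
// often a single very long line, so the column matters).
function scanScript(name, source) {
  const findings = [];
  source.split(/\r?\n/).forEach((text, i) => {
    for (const check of CHECKS) {
      check.re.lastIndex = 0; // global regexes keep state between exec() calls
      let m;
      while ((m = check.re.exec(text)) !== null) {
        findings.push({ file: name, line: i + 1, col: m.index + 1, id: check.id, needs: check.needs });
      }
    }
  });
  return findings;
}

// Distinct CSP relaxations the findings would force, sorted for stable output.
function requiredRelaxations(findings) {
  return [...new Set(findings.map((f) => f.needs))].sort();
}

// Constructed sample standing in for compiler output (not real GWT output).
const SAMPLE = [
  'function a(b){return $wnd.eval("(" + b + ")")}',
  'var img = "data:image/gif;base64,R0lGODlhAQABAAAAACw=";',
  'el.href = "javascript:;";',
  'var ok = "/module/clear.cache.gif";',
].join("\n");

const sampleFindings = scanScript("sample.nocache.js", SAMPLE);
for (const f of sampleFindings) console.log(`${f.file}:${f.line}:${f.col} ${f.id} -> ${f.needs}`);
console.log("Relaxations needed:", requiredRelaxations(sampleFindings));
```

The patterns are textual heuristics, so a hit such as an unrelated `.eval(` method still needs a manual look before it is counted as a CSP violation.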

Source: https://habr.com/ru/post/1687143/

