Add Content Security Policy Support

[jgrandja]

• Adds CSP support to the Java DSL of HeadersConfigurer
• Implementation is pretty straight forward but the documentation is important here so please review and provide feedback on whether it's sufficient

[rwinch]

I think this should be removed. User's can always invoke contentSecurityPolicy again.

[rwinch]

@pivotal-joe-grandja Thanks for the PR!

I would try to add a link to one or more of the more popular CSP guides (http://www.html5rocks.com/en/tutorials/security/content-security-policy/ or https://developer.mozilla.org/en-US/docs/Web/Security/CSP are nice)

We should also update the headers section of the reference.

Also, we will likely merge all of the CSP stuff at once so feel free to update this PR and squash commits as you get the XML support and documentation updated.

[jgrandja]

Ok thanks Rob.
I'll apply those updates.

On Thu, Mar 17, 2016 at 12:04 PM, Rob Winch notifications@github.com
wrote:

@pivotal-joe-grandja https://github.com/pivotal-joe-grandja Thanks for
the PR!

I would try to add a link to one or more of the more popular CSP guides (
http://www.html5rocks.com/en/tutorials/security/content-security-policy/
or https://developer.mozilla.org/en-US/docs/Web/Security/CSP are nice)

We should also update the headers section
https://github.com/spring-projects/spring-security/blob/41c6a797c3303b78a6f1ac6d82efeae3773f680c/docs/manual/src/docs/asciidoc/index.adoc#headers
of the reference.

Also, we will likely merge all of the CSP stuff at once so feel free to
update this PR and squash commits as you get the XML support and
documentation updated.

—
You are receiving this because you were mentioned.
Reply to this email directly or view it on GitHub
#3763 (comment)

[rwinch]

This will fix #2342

[rwinch]

@pivotal-joe-grandja Thanks for the updates! This is now merged into master via 2f7f2ff