public inbox for [email protected]
help / color / mirror / Atom feedContent Security Policy
2+ messages / 2 participants
[nested] [flat]
* Content Security Policy
@ 2017-01-10 03:21 Jonas Thelemann <[email protected]>
0 siblings, 1 reply; 2+ messages in thread
From: Jonas Thelemann @ 2017-01-10 03:21 UTC (permalink / raw)
To: pgadmin-hackers
Good day pgadmin-hackers,
my name is Jonas Thelemann and I just joined this mailing list. It's my
first mailing list, so I try my best to not make any mistakes.
I joined because I want to contribute some small adjustments to pgadmin.
More precisely to address CSP (Content Security Policy
<https://content-security-policy.com/;) issues.
I wanted to migrate from phppgadmin to pgadmin, because it's the more
contemporary solution, it's possible to influence the development and
because I had problems with my website's CSP restrictions with
phppgadmin. The main problem is just that there is inline JavaScript on
the html page(s) which is considered as insecure by CSP. This issue is
very easy to eliminate though. All occurrences of '<script>foo</script>'
- I counted three so far - have to be replaced with '<script
src="bar"></script>'.
If no one else is currently "working" [that's not serious work, I know]
on this and this can be realized, I'd like to make these small changes
to get to know Git a little bit better.
Greetings from Germany,
Jonas Thelemann
^ permalink raw reply [nested|flat] 2+ messages in thread
* Re: Content Security Policy
@ 2017-01-10 04:02 Dave Page <[email protected]>
parent: Jonas Thelemann <[email protected]>
0 siblings, 0 replies; 2+ messages in thread
From: Dave Page @ 2017-01-10 04:02 UTC (permalink / raw)
To: Jonas Thelemann <[email protected]>; +Cc: pgadmin-hackers
Hi
On Tue, Jan 10, 2017 at 8:51 AM, Jonas Thelemann
<[email protected]> wrote:
> Good day pgadmin-hackers,
>
> my name is Jonas Thelemann and I just joined this mailing list. It's my
> first mailing list, so I try my best to not make any mistakes.
> I joined because I want to contribute some small adjustments to pgadmin.
> More precisely to address CSP (Content Security Policy) issues.
> I wanted to migrate from phppgadmin to pgadmin, because it's the more
> contemporary solution, it's possible to influence the development and
> because I had problems with my website's CSP restrictions with phppgadmin.
> The main problem is just that there is inline JavaScript on the html page(s)
> which is considered as insecure by CSP. This issue is very easy to eliminate
> though. All occurrences of '<script>foo</script>' - I counted three so far -
> have to be replaced with '<script src="bar"></script>'.
> If no one else is currently "working" [that's not serious work, I know] on
> this and this can be realized, I'd like to make these small changes to get
> to know Git a little bit better.
Please feel free to submit a patch. I don't believe anyone is working on this.
Thanks, Dave.
--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake
EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
--
Sent via pgadmin-hackers mailing list ([email protected])
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgadmin-hackers
^ permalink raw reply [nested|flat] 2+ messages in thread
end of thread, other threads:[~2017-01-10 04:02 UTC | newest]
Thread overview: 2+ messages (download: mbox mbox.gz follow: Atom feed)
-- links below jump to the message on this page --
2017-01-10 03:21 Content Security Policy Jonas Thelemann <[email protected]>
2017-01-10 04:02 ` Dave Page <[email protected]>
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox