View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0008036 | Taler | Web site(s) | public | 2024-01-07 16:35 | 2024-09-07 17:26 |
Reporter | Christian Grothoff | Assigned To | |||
Priority | low | Severity | tweak | Reproducibility | N/A |
Status | confirmed | Resolution | open | ||
Platform | i7 | OS | Debian GNU/Linux | OS Version | squeeze |
Product Version | git (master) | ||||
Target Version | post-1.0 | ||||
Summary | 0008036: CSP shared between many *.taler.net-sites, should be made specific to each subdomain | ||||
Description | Right now, /etc/nginx/conf.d/talercsp.conf is included in various site configurations (like talerssl.conf). However, the CSP should probably be specific to the various subdomains. Today I had to extract the CSP from the SSL configuration file, as the CSP as-is created big problems for the merchant backends of the demo (as the SPAs could not interact with the exchange based on the CSP). We should probably create custom CSPs in each *.site file (possibly with the exception of the head/test/demo sites; here the *backends* should set any CSPs that are needed). Some sites already have their custom CSP, but it probably makes sense to use the current talercsp.conf as a starting point and to create a specific CSP for each site. This will, however, require some careful testing / understanding of what CSP the respective site needs. It *looks* pretty obvious which rules are needed for which site, but still, after copying the CSP rules into a *.site file (instead of including) and then specializing them for the respective site, the site should be tested to ensure it still works. | ||||
Tags | No tags attached. | ||||

ACK. Please let me (ASAP) do further investigation on this, to see if I can make some of the suggested improvements. Thank you for the great explanation of the task.

Date Modified | Username | Field | Change |
---|---|---|---|
2024-01-07 16:35 | Christian Grothoff | New Issue | |
2024-01-07 16:35 | Christian Grothoff | Status | new => assigned |
2024-01-07 16:35 | Christian Grothoff | Assigned To | => javier.sepulveda |
2024-01-08 13:10 | javier.sepulveda | Note Added: 0020822 | |
2024-01-30 01:05 | Christian Grothoff | Priority | normal => low |
2024-09-07 17:26 | Christian Grothoff | Assigned To | javier.sepulveda => |
2024-09-07 17:26 | Christian Grothoff | Status | assigned => confirmed |
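
An added example (not part of the original issue or the Taler project's configuration): a Python script that audits which `*.site` files receive the shared `talercsp.conf` policy, directly or through an intermediate include such as `talerssl.conf`, and which set their own CSP. The sample configs, the site file names, the policy values and the match-by-basename include resolution are assumptions made for illustration.

```python
import os
import re

# Constructed sample configs; file names other than talercsp.conf and
# talerssl.conf, and all policy values, are hypothetical.
SAMPLE = {
    "talercsp.conf": "add_header Content-Security-Policy \"default-src 'self'\";\n",
    "talerssl.conf": "ssl_protocols TLSv1.3;\ninclude /etc/nginx/conf.d/talercsp.conf;\n",
    "www.site": "server {\n  include conf.d/talerssl.conf;\n}\n",
    "docs.site": "server {\n  add_header Content-Security-Policy \"default-src 'self'\" always;\n}\n",
    "backend.site": "server {\n  # include /etc/nginx/conf.d/talercsp.conf;\n"
                    "  location / { proxy_pass http://127.0.0.1:8080; }\n}\n",
}

INCLUDE = re.compile(r"^\s*include\s+([^;]+);", re.M)
CSP = re.compile(r"^\s*add_header\s+Content-Security-Policy\b", re.M | re.I)

def csp_sources(name, configs, seen=None):
    """Files (name itself or anything it includes, transitively) that set a CSP header."""
    seen = set() if seen is None else seen
    if name in seen or name not in configs:
        return set()
    seen.add(name)
    # Drop comments so a commented-out include is not counted (simplification:
    # assumes '#' never appears inside a quoted value).
    text = re.sub(r"#.*", "", configs[name])
    found = {name} if CSP.search(text) else set()
    for target in INCLUDE.findall(text):
        # Assumption: includes are resolved by file name only.
        found |= csp_sources(os.path.basename(target.strip()), configs, seen)
    return found

def classify(configs, shared="talercsp.conf"):
    """Map each *.site file to 'shared', 'site-specific' or 'none'."""
    report = {}
    for name in sorted(n for n in configs if n.endswith(".site")):
        sources = csp_sources(name, configs)
        if not sources:
            report[name] = "none"
        elif shared in sources:
            report[name] = "shared"
        else:
            report[name] = "site-specific"
    return report

if __name__ == "__main__":
    for site, status in classify(SAMPLE).items():
        print(f"{site}: {status}")
```

Sites reported as `shared` are the ones whose policy would be copied into the `*.site` file, specialized, and then retested.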