diff options
author | Jiaqing Zhao <jiaqing.zhao@intel.com> | 2022-03-16 19:18:58 +0300 |
---|---|---|
committer | Jiaqing Zhao <jiaqing.zhao@intel.com> | 2022-03-21 04:50:43 +0300 |
commit | 91ac2e57c416bbdf95fa9242eaf8e5f9e118d5ba (patch) | |
tree | 367e85b8974a85edfa49445702174c272a601080 /include/dbus_utility.hpp | |
parent | 80badf7ceff486ef2bcb912309563919fc5326ea (diff) | |
download | bmcweb-91ac2e57c416bbdf95fa9242eaf8e5f9e118d5ba.tar.xz |
Replace CSP plugin-types directive with object-src
The HTTP Content-Security-Policy (CSP) plugin-types directive has been
removed from the specification and is not supported by most browsers.
Chrome browser suggests to specify "object-src 'none'" instead to block
plugins, so replace it with that directive.
Refer https://github.com/w3c/webappsec-csp/issues/394 for details about
this change.
Tested:
* In Chrome 99.0.4844.74, it no longer gives errors about CSP
plugin-types directive.
* Checked neiter <embed>, <object> or <applet> tags are used in eiter
phosphor-webui or webui-vue.
* Using webui-vue, KVM and SOL Console works.
Change-Id: I79d7ed1de2c4d204bf040e7b32a7b6afe354862c
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@intel.com>
Diffstat (limited to 'include/dbus_utility.hpp')
0 files changed, 0 insertions, 0 deletions