Implement CSP for the registrar console#3129

Open
gbrodman wants to merge 1 commit into google:master from gbrodman:csp

Conversation

@gbrodman gbrodman commented Jul 1, 2026

Collaborator

Implement a hybrid Content Security Policy (CSP) for the Registrar Console to protect against XSS

  • The CspFilter injects the proper headers on the Java backend endpoints
  • Using Jetty's HeaderFilter to inject the header for statically-served frontend assets

We need to add the ee10-servlets.ini file for Jetty to have access to the HeaderFilter class

@gbrodman gbrodman requested a review from ptkach July 1, 2026 17:18