moparisthebest/xeps
1
0
Fork 0
mirror of https://github.com/moparisthebest/xeps synced 2024-11-21 08:45:04 -05:00
Code Issues Releases Wiki Activity

XEP-0363: Servers may want to sign headers

Browse Source 
Signed-off-by: Maxime “pep” Buquet <pep@bouah.net>
This commit is contained in:
Maxime “pep” Buquet 2022-01-04 14:44:12 +01:00
parent bb41813924
commit 7bffc70203
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
xep-0363.xml
View File

@ -354,6 +354,7 @@ Content-Security-Policy: default-src 'none'; frame-ancestors 'none';
]]></code> ]]></code>
<p>The provided policy will prohibit a browser from executing all active content from the HTTP upload domain (<em>default-src 'none'</em>) and forbid embedding it from other pages (<em>frame-ancestors 'none'</em>). More information on Content-Security-Policy can be found on <link url="https://infosec.mozilla.org/guidelines/web_security#content-security-policy">infosec.mozilla.org</link>.</p> <p>The provided policy will prohibit a browser from executing all active content from the HTTP upload domain (<em>default-src 'none'</em>) and forbid embedding it from other pages (<em>frame-ancestors 'none'</em>). More information on Content-Security-Policy can be found on <link url="https://infosec.mozilla.org/guidelines/web_security#content-security-policy">infosec.mozilla.org</link>.</p>
<p>Further isolation can be achieved by hosting those files on an entirely different domain instead of using subdomains.</p> <p>Further isolation can be achieved by hosting those files on an entirely different domain instead of using subdomains.</p>
<p>Headers may be signed so that receiving HTTP entities can verify these haven't been tempered with by clients.</p>
</section2> </section2>
<section2 topic="Uploader" anchor="uploader"> <section2 topic="Uploader" anchor="uploader">
<ul> <ul>