Using Content Security Policy With Convergence
(Doc ID 2579944.1)
Last updated on JULY 22, 2022
Applies to:Oracle Communications Convergence - Version 3.0.2 and later
Information in this document applies to any platform.
Qn1:On : Oracle Communications Convergence 220.127.116.11.0 version, Functionality
GlassFish Server Open Source Edition 5.0.1 (build java_re-private)
Using Content Security Policy with Convergence
The only reference to Content Security Policy (https://www.w3.org/TR/CSP2/) we could find for Convergence is in this KM doc:
Convergence And Application Hardening (Doc ID 2498933.1)
where it states adding Content-Security-Policy headers is not supported out-of-the-box.
1. Does Oracle have any recommendation for setting a Content Security Policy which has been tested and confirmed Convergence still works? What is Oracle's policy on setting the Content Security Policy in Convergence?
2. Or does Oracle believe that the embedded sanitization is sufficient and that CSP should not be specified at all?
3. Are there any plans from Oracle to release a version of Convergence using a more modern version of Dojo and refactoring the Convergence code itself?
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document