My Oracle Support Banner

Using Content Security Policy With Convergence (Doc ID 2579944.1)

Last updated on JANUARY 25, 2021

Applies to:

Oracle Communications Convergence - Version 3.0.2 and later
Information in this document applies to any platform.

Goal

Qn1:On : Oracle Communications Convergence 3.0.2.1.0 version, Functionality
  GlassFish Server Open Source Edition 5.0.1 (build java_re-private)

Using Content Security Policy with Convergence

The only reference to Content Security Policy (https://www.w3.org/TR/CSP2/) we could find for Convergence is in this KM doc:

Convergence And Application Hardening (Doc ID 2498933.1)

where it states adding Content-Security-Policy headers is not supported out-of-the-box.

1. Does Oracle have any recommendation for setting a Content Security Policy which has been tested and confirmed Convergence still works?  What is Oracle's policy on setting the Content Security Policy in Convergence?

2. Or does Oracle believe that the embedded sanitization is sufficient and that CSP should not be specified at all?

3. Are there any plans from Oracle to release a version of Convergence using a more modern version of Dojo and refactoring the Convergence code itself?
 

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Goal
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.