Code commits

Openfire (master)

Guus der Kinderen 06 Dec 2023 934fe47b9ce2c75e93ebd93dcaffbea3f2db6041

OF-2746: Add 'Content-Security-Policy' headers to HTTP responses
Two new groups of settings are introduced, that control if, and ifso which, 'Content-Security-Policy' headers are added to HTTP responses generated by Openfire.

One group of settings controls the behavior of the Admin Console HTTP responses (ports 9090/9091), and another group controls that of the Web Binding endpoints (7070/7443)

Both groups can be controlled on the admin console. The pages `Server > Server Manager > Admin Console Access` and `Server > Server Settings > Web Binding` have been adjusted to get new controls for this.

The default values for the CSP response header differ. They have been made as strict as possible, without implementing significant changes to the Admin Console (there's room for improvement here).
- i18n/src/main/resources/openfire_i18n.properties (version 934fe47b9ce2c75e93ebd93dcaffbea3f2db6041)
- i18n/src/main/resources/openfire_i18n_cs_CZ.properties (version 934fe47b9ce2c75e93ebd93dcaffbea3f2db6041)
- i18n/src/main/resources/openfire_i18n_de.properties (version 934fe47b9ce2c75e93ebd93dcaffbea3f2db6041)
- i18n/src/main/resources/openfire_i18n_es.properties (version 934fe47b9ce2c75e93ebd93dcaffbea3f2db6041)
- i18n/src/main/resources/openfire_i18n_fr.properties (version 934fe47b9ce2c75e93ebd93dcaffbea3f2db6041)
- i18n/src/main/resources/openfire_i18n_ja_JP.properties (version 934fe47b9ce2c75e93ebd93dcaffbea3f2db6041)
- i18n/src/main/resources/openfire_i18n_nl.properties (version 934fe47b9ce2c75e93ebd93dcaffbea3f2db6041)
- i18n/src/main/resources/openfire_i18n_pl_PL.properties (version 934fe47b9ce2c75e93ebd93dcaffbea3f2db6041)
- i18n/src/main/resources/openfire_i18n_pt_BR.properties (version 934fe47b9ce2c75e93ebd93dcaffbea3f2db6041)
- i18n/src/main/resources/openfire_i18n_pt_PT.properties (version 934fe47b9ce2c75e93ebd93dcaffbea3f2db6041)
- i18n/src/main/resources/openfire_i18n_ru_RU.properties (version 934fe47b9ce2c75e93ebd93dcaffbea3f2db6041)
- i18n/src/main/resources/openfire_i18n_sk.properties (version 934fe47b9ce2c75e93ebd93dcaffbea3f2db6041)
- i18n/src/main/resources/openfire_i18n_uk_UA.properties (version 934fe47b9ce2c75e93ebd93dcaffbea3f2db6041)
- i18n/src/main/resources/openfire_i18n_zh_CN.properties (version 934fe47b9ce2c75e93ebd93dcaffbea3f2db6041)
- xmppserver/src/main/java/org/jivesoftware/admin/AdminContentSecurityPolicyFilter.java (version 934fe47b9ce2c75e93ebd93dcaffbea3f2db6041)
- xmppserver/src/main/java/org/jivesoftware/admin/ContentSecurityPolicyFilter.java (version 934fe47b9ce2c75e93ebd93dcaffbea3f2db6041)
- xmppserver/src/main/java/org/jivesoftware/openfire/container/AdminConsolePlugin.java (version 934fe47b9ce2c75e93ebd93dcaffbea3f2db6041)
- xmppserver/src/main/java/org/jivesoftware/openfire/http/HttpBindContentSecurityPolicyFilter.java (version 934fe47b9ce2c75e93ebd93dcaffbea3f2db6041)
- xmppserver/src/main/java/org/jivesoftware/openfire/http/HttpBindManager.java (version 934fe47b9ce2c75e93ebd93dcaffbea3f2db6041)
- xmppserver/src/main/webapp/available-plugins.jsp (version 934fe47b9ce2c75e93ebd93dcaffbea3f2db6041)
- xmppserver/src/main/webapp/http-bind.jsp (version 934fe47b9ce2c75e93ebd93dcaffbea3f2db6041)
- xmppserver/src/main/webapp/system-admin-console-access.jsp (version 934fe47b9ce2c75e93ebd93dcaffbea3f2db6041)

Build: #2527 was successful Changes by Guus der Kinderen

Stages & jobs

Default Stage

Code commits

Openfire (master)

Guus der Kinderen 06 Dec 2023 934fe47b9ce2c75e93ebd93dcaffbea3f2db6041

Build #2,527

Build: #2527 was successful Changes by Guus der Kinderen

Stages & jobs

Default Stage

Code commits

Openfire (master)

Guus der Kinderen 06 Dec 2023 934fe47b9ce2c75e93ebd93dcaffbea3f2db6041