3334 |
14 May 07 |
nicklas |
1 |
<?xml version="1.0" encoding="UTF-8"?> |
3334 |
14 May 07 |
nicklas |
2 |
<!DOCTYPE appendix PUBLIC |
3334 |
14 May 07 |
nicklas |
3 |
"-//Dawid Weiss//DTD DocBook V3.1-Based Extension for XML and graphics inclusion//EN" |
3334 |
14 May 07 |
nicklas |
4 |
"../../../../lib/docbook/preprocess/dweiss-docbook-extensions.dtd"> |
3334 |
14 May 07 |
nicklas |
5 |
<!-- |
3334 |
14 May 07 |
nicklas |
$Id$ |
3334 |
14 May 07 |
nicklas |
7 |
|
3675 |
16 Aug 07 |
jari |
Copyright (C) 2007 Nicklas Nordborg |
4889 |
06 Apr 09 |
nicklas |
Copyright (C) 2008 Jari Häkkinen, Nicklas Nordborg |
3334 |
14 May 07 |
nicklas |
10 |
|
3334 |
14 May 07 |
nicklas |
This file is part of BASE - BioArray Software Environment. |
3334 |
14 May 07 |
nicklas |
Available at http://base.thep.lu.se/ |
3334 |
14 May 07 |
nicklas |
13 |
|
3334 |
14 May 07 |
nicklas |
BASE is free software; you can redistribute it and/or |
3334 |
14 May 07 |
nicklas |
modify it under the terms of the GNU General Public License |
4477 |
05 Sep 08 |
jari |
as published by the Free Software Foundation; either version 3 |
3334 |
14 May 07 |
nicklas |
of the License, or (at your option) any later version. |
3334 |
14 May 07 |
nicklas |
18 |
|
3334 |
14 May 07 |
nicklas |
BASE is distributed in the hope that it will be useful, |
3334 |
14 May 07 |
nicklas |
but WITHOUT ANY WARRANTY; without even the implied warranty of |
3334 |
14 May 07 |
nicklas |
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
3334 |
14 May 07 |
nicklas |
GNU General Public License for more details. |
3334 |
14 May 07 |
nicklas |
23 |
|
3334 |
14 May 07 |
nicklas |
You should have received a copy of the GNU General Public License |
4509 |
11 Sep 08 |
jari |
along with BASE. If not, see <http://www.gnu.org/licenses/>. |
3334 |
14 May 07 |
nicklas |
26 |
--> |
3334 |
14 May 07 |
nicklas |
27 |
|
3334 |
14 May 07 |
nicklas |
28 |
<appendix id="appendix.web.xml"> |
5782 |
04 Oct 11 |
nicklas |
29 |
<?dbhtml filename="web.xml.html" ?> |
3334 |
14 May 07 |
nicklas |
30 |
<title>web.xml reference</title> |
4388 |
12 Aug 08 |
nicklas |
31 |
<para> |
4388 |
12 Aug 08 |
nicklas |
32 |
The <filename>web.xml</filename> file is one step up from the main configuration |
4388 |
12 Aug 08 |
nicklas |
33 |
directory. It is located in the <filename><basedir>/www/WEB-INF</filename> |
4400 |
20 Aug 08 |
jari |
34 |
directory. This configuration file contains settings that are related to the web |
4400 |
20 Aug 08 |
jari |
35 |
application only. Most settings in this file should not be changed because they |
4388 |
12 Aug 08 |
nicklas |
36 |
are vital for the functionality of BASE. |
4388 |
12 Aug 08 |
nicklas |
37 |
</para> |
4388 |
12 Aug 08 |
nicklas |
38 |
|
4388 |
12 Aug 08 |
nicklas |
39 |
<variablelist> |
4388 |
12 Aug 08 |
nicklas |
40 |
<varlistentry> |
4388 |
12 Aug 08 |
nicklas |
41 |
<term><sgmltag class="starttag">error-page</sgmltag></term> |
4388 |
12 Aug 08 |
nicklas |
42 |
<listitem> |
4388 |
12 Aug 08 |
nicklas |
43 |
<para> |
4388 |
12 Aug 08 |
nicklas |
44 |
If an error occurs during a page request, the execution is |
4400 |
20 Aug 08 |
jari |
45 |
forwarded to the specified JSP which will display information |
4388 |
12 Aug 08 |
nicklas |
46 |
about the error. |
4388 |
12 Aug 08 |
nicklas |
47 |
</para> |
4388 |
12 Aug 08 |
nicklas |
48 |
</listitem> |
4388 |
12 Aug 08 |
nicklas |
49 |
</varlistentry> |
4388 |
12 Aug 08 |
nicklas |
50 |
|
4388 |
12 Aug 08 |
nicklas |
51 |
<varlistentry> |
4388 |
12 Aug 08 |
nicklas |
52 |
<term><sgmltag class="starttag">context-param</sgmltag>: max-url-length</term> |
4388 |
12 Aug 08 |
nicklas |
53 |
<listitem> |
4388 |
12 Aug 08 |
nicklas |
54 |
<para> |
4400 |
20 Aug 08 |
jari |
55 |
This setting is here to resolve a potential problem with too long |
4388 |
12 Aug 08 |
nicklas |
56 |
generated URL:s. This may happen when BASE needs to open a |
4400 |
20 Aug 08 |
jari |
57 |
pop-up window and a user has selected a lot of items |
4400 |
20 Aug 08 |
jari |
58 |
(<emphasis>e.g.</emphasis>, several hundred). Typically the |
4400 |
20 Aug 08 |
jari |
59 |
generated URL contains all selected ID:s. Some web servers |
4400 |
20 Aug 08 |
jari |
60 |
have limitations on the length of an URL (<emphasis>e.g.</emphasis>, |
4388 |
12 Aug 08 |
nicklas |
61 |
Apache has a default max of 8190 bytes). If the generated URL is |
4388 |
12 Aug 08 |
nicklas |
62 |
longer that this setting, BASE will re-write the request to make |
4388 |
12 Aug 08 |
nicklas |
63 |
the URL shorter and supply the rest of the parameters as part |
4388 |
12 Aug 08 |
nicklas |
64 |
of a POST request instead. This functionality can disabled by |
4388 |
12 Aug 08 |
nicklas |
65 |
setting this value to 0. For more information see |
7982 |
14 Jun 21 |
nicklas |
66 |
<ulink url="https://base.thep.lu.se/ticket/1032">https://base.thep.lu.se/ticket/1032</ulink>. |
4388 |
12 Aug 08 |
nicklas |
67 |
</para> |
4388 |
12 Aug 08 |
nicklas |
68 |
</listitem> |
4388 |
12 Aug 08 |
nicklas |
69 |
</varlistentry> |
4388 |
12 Aug 08 |
nicklas |
70 |
|
4388 |
12 Aug 08 |
nicklas |
71 |
<varlistentry> |
4388 |
12 Aug 08 |
nicklas |
72 |
<term><sgmltag class="starttag">servlet</sgmltag>: BASE</term> |
4388 |
12 Aug 08 |
nicklas |
73 |
<listitem> |
4388 |
12 Aug 08 |
nicklas |
74 |
<para> |
4400 |
20 Aug 08 |
jari |
75 |
A servlet that starts BASE when Tomcat starts, and stops BASE |
4388 |
12 Aug 08 |
nicklas |
76 |
when Tomcat stops. Do not modify. |
4388 |
12 Aug 08 |
nicklas |
77 |
</para> |
4388 |
12 Aug 08 |
nicklas |
78 |
</listitem> |
4388 |
12 Aug 08 |
nicklas |
79 |
</varlistentry> |
4388 |
12 Aug 08 |
nicklas |
80 |
|
4388 |
12 Aug 08 |
nicklas |
81 |
<varlistentry> |
4388 |
12 Aug 08 |
nicklas |
82 |
<term><sgmltag class="starttag">servlet</sgmltag>: view/download</term> |
4388 |
12 Aug 08 |
nicklas |
83 |
<listitem> |
4388 |
12 Aug 08 |
nicklas |
84 |
<para> |
4388 |
12 Aug 08 |
nicklas |
85 |
File view/download servlet. It is possible to change the default |
4400 |
20 Aug 08 |
jari |
86 |
MIME type for use with files of unknown type. |
4388 |
12 Aug 08 |
nicklas |
87 |
</para> |
4388 |
12 Aug 08 |
nicklas |
88 |
</listitem> |
4388 |
12 Aug 08 |
nicklas |
89 |
</varlistentry> |
4388 |
12 Aug 08 |
nicklas |
90 |
|
4388 |
12 Aug 08 |
nicklas |
91 |
<varlistentry> |
5678 |
29 Jun 11 |
nicklas |
92 |
<term><sgmltag class="starttag">servlet</sgmltag>: upload</term> |
5678 |
29 Jun 11 |
nicklas |
93 |
<listitem> |
5678 |
29 Jun 11 |
nicklas |
94 |
<para> |
5678 |
29 Jun 11 |
nicklas |
95 |
Servlet for handling file uploads. Do not modify. |
5678 |
29 Jun 11 |
nicklas |
96 |
</para> |
5678 |
29 Jun 11 |
nicklas |
97 |
</listitem> |
5678 |
29 Jun 11 |
nicklas |
98 |
</varlistentry> |
5678 |
29 Jun 11 |
nicklas |
99 |
|
5678 |
29 Jun 11 |
nicklas |
100 |
<varlistentry> |
4388 |
12 Aug 08 |
nicklas |
101 |
<term><sgmltag class="starttag">servlet</sgmltag>: spotimage</term> |
4388 |
12 Aug 08 |
nicklas |
102 |
<listitem> |
4388 |
12 Aug 08 |
nicklas |
103 |
<para> |
4388 |
12 Aug 08 |
nicklas |
104 |
Servlet for displaying spot images. Do not modify. |
4388 |
12 Aug 08 |
nicklas |
105 |
</para> |
4388 |
12 Aug 08 |
nicklas |
106 |
</listitem> |
4388 |
12 Aug 08 |
nicklas |
107 |
</varlistentry> |
4388 |
12 Aug 08 |
nicklas |
108 |
|
4388 |
12 Aug 08 |
nicklas |
109 |
<varlistentry> |
4388 |
12 Aug 08 |
nicklas |
110 |
<term><sgmltag class="starttag">servlet</sgmltag>: plotter</term> |
4388 |
12 Aug 08 |
nicklas |
111 |
<listitem> |
4388 |
12 Aug 08 |
nicklas |
112 |
<para> |
4388 |
12 Aug 08 |
nicklas |
113 |
Servlet for the plot tool in the analysis section. You may |
4388 |
12 Aug 08 |
nicklas |
114 |
specify max and default values for the width and height for the |
4388 |
12 Aug 08 |
nicklas |
115 |
generated images. The supported image formats are "png" and "jpeg". |
4388 |
12 Aug 08 |
nicklas |
116 |
</para> |
4388 |
12 Aug 08 |
nicklas |
117 |
</listitem> |
4388 |
12 Aug 08 |
nicklas |
118 |
</varlistentry> |
4388 |
12 Aug 08 |
nicklas |
119 |
|
4388 |
12 Aug 08 |
nicklas |
120 |
<varlistentry> |
5678 |
29 Jun 11 |
nicklas |
121 |
<term><sgmltag class="starttag">servlet</sgmltag>: eeplotter</term> |
5678 |
29 Jun 11 |
nicklas |
122 |
<listitem> |
5678 |
29 Jun 11 |
nicklas |
123 |
<para> |
5678 |
29 Jun 11 |
nicklas |
124 |
Servlet for the plot tool in the experiment explorer section. It |
5678 |
29 Jun 11 |
nicklas |
125 |
can use the same configuration properties for size and image format |
5678 |
29 Jun 11 |
nicklas |
126 |
as the plotter servlet. |
5678 |
29 Jun 11 |
nicklas |
127 |
</para> |
5678 |
29 Jun 11 |
nicklas |
128 |
</listitem> |
5678 |
29 Jun 11 |
nicklas |
129 |
</varlistentry> |
5678 |
29 Jun 11 |
nicklas |
130 |
|
5678 |
29 Jun 11 |
nicklas |
131 |
<varlistentry> |
5678 |
29 Jun 11 |
nicklas |
132 |
<term><sgmltag class="starttag">servlet</sgmltag>: news-feed</term> |
5678 |
29 Jun 11 |
nicklas |
133 |
<listitem> |
5678 |
29 Jun 11 |
nicklas |
134 |
<para> |
5678 |
29 Jun 11 |
nicklas |
135 |
Servlet for generating a RSS feed for the news on the front page. |
5678 |
29 Jun 11 |
nicklas |
136 |
Comment out this servlet if you do not want to use the RSS feed. |
5678 |
29 Jun 11 |
nicklas |
137 |
</para> |
5678 |
29 Jun 11 |
nicklas |
138 |
</listitem> |
5678 |
29 Jun 11 |
nicklas |
139 |
</varlistentry> |
5678 |
29 Jun 11 |
nicklas |
140 |
|
5678 |
29 Jun 11 |
nicklas |
141 |
<varlistentry> |
4388 |
12 Aug 08 |
nicklas |
142 |
<term><sgmltag class="starttag">servlet</sgmltag>: ExtensionsServlet</term> |
4388 |
12 Aug 08 |
nicklas |
143 |
<listitem> |
4388 |
12 Aug 08 |
nicklas |
144 |
<para> |
4388 |
12 Aug 08 |
nicklas |
145 |
Servlet for handling startup/shutdown of the extensions system as well |
4400 |
20 Aug 08 |
jari |
146 |
as requests to extension servlets. Do not modify. Do not disable even if |
4400 |
20 Aug 08 |
jari |
147 |
extensions are not used. |
4388 |
12 Aug 08 |
nicklas |
148 |
</para> |
4388 |
12 Aug 08 |
nicklas |
149 |
</listitem> |
4388 |
12 Aug 08 |
nicklas |
150 |
</varlistentry> |
7609 |
27 Feb 19 |
nicklas |
151 |
|
7609 |
27 Feb 19 |
nicklas |
152 |
<varlistentry> |
7609 |
27 Feb 19 |
nicklas |
153 |
<term><sgmltag class="starttag">servlet</sgmltag>: jsp</term> |
7609 |
27 Feb 19 |
nicklas |
154 |
<listitem> |
7609 |
27 Feb 19 |
nicklas |
155 |
<para> |
7609 |
27 Feb 19 |
nicklas |
156 |
Overrides the default JSP servlet defined by Tomcat. The parameters included |
7609 |
27 Feb 19 |
nicklas |
157 |
with the distribution are required, but it may be customized if desired. |
7609 |
27 Feb 19 |
nicklas |
158 |
</para> |
7609 |
27 Feb 19 |
nicklas |
159 |
</listitem> |
7609 |
27 Feb 19 |
nicklas |
160 |
</varlistentry> |
4388 |
12 Aug 08 |
nicklas |
161 |
|
4388 |
12 Aug 08 |
nicklas |
162 |
<varlistentry> |
4388 |
12 Aug 08 |
nicklas |
163 |
<term><sgmltag class="starttag">servlet</sgmltag>: xjsp</term> |
4388 |
12 Aug 08 |
nicklas |
164 |
<listitem> |
4388 |
12 Aug 08 |
nicklas |
165 |
<para> |
4400 |
20 Aug 08 |
jari |
166 |
Experimental servlet for compiling *.xjsp files used by |
4388 |
12 Aug 08 |
nicklas |
167 |
extensions. The servlet redirects the compilation of *.xjsp |
4400 |
20 Aug 08 |
jari |
168 |
files to a compiler that includes the extension supplied JAR file(s) |
5678 |
29 Jun 11 |
nicklas |
169 |
in the class path. Can be disabled if no extensions use this feature. |
5737 |
14 Sep 11 |
nicklas |
170 |
See also <xref linkend="plugins.installation.xjspcompiler" /> for more information |
5678 |
29 Jun 11 |
nicklas |
171 |
about how to enable this feature. |
4388 |
12 Aug 08 |
nicklas |
172 |
</para> |
4388 |
12 Aug 08 |
nicklas |
173 |
</listitem> |
4388 |
12 Aug 08 |
nicklas |
174 |
</varlistentry> |
4388 |
12 Aug 08 |
nicklas |
175 |
|
4388 |
12 Aug 08 |
nicklas |
176 |
<varlistentry> |
4388 |
12 Aug 08 |
nicklas |
177 |
<term><sgmltag class="starttag">servlet</sgmltag>: compile</term> |
4388 |
12 Aug 08 |
nicklas |
178 |
<listitem> |
4388 |
12 Aug 08 |
nicklas |
179 |
<para> |
4388 |
12 Aug 08 |
nicklas |
180 |
Experimental servlet for compiling all JSP files. This is |
4388 |
12 Aug 08 |
nicklas |
181 |
mostly useful for developers who want to make sure that |
4388 |
12 Aug 08 |
nicklas |
182 |
no compilation error exists in any JSP file. Can also be |
4388 |
12 Aug 08 |
nicklas |
183 |
used to pre-compile all JSP files to avoid delays during |
4388 |
12 Aug 08 |
nicklas |
184 |
browsing. This servlet is disabled by default. |
4388 |
12 Aug 08 |
nicklas |
185 |
</para> |
4388 |
12 Aug 08 |
nicklas |
186 |
</listitem> |
4388 |
12 Aug 08 |
nicklas |
187 |
</varlistentry> |
4388 |
12 Aug 08 |
nicklas |
188 |
|
4388 |
12 Aug 08 |
nicklas |
189 |
<varlistentry> |
4388 |
12 Aug 08 |
nicklas |
190 |
<term><sgmltag class="starttag">filter</sgmltag>: characterEncoding</term> |
4388 |
12 Aug 08 |
nicklas |
191 |
<listitem> |
4388 |
12 Aug 08 |
nicklas |
192 |
<para> |
4400 |
20 Aug 08 |
jari |
193 |
A filter that sets the character encoding for the JSP |
4400 |
20 Aug 08 |
jari |
194 |
generated HTML. We recommend leaving this at the default UTF-8 |
4400 |
20 Aug 08 |
jari |
195 |
encoding, this default should work with most language in all |
4400 |
20 Aug 08 |
jari |
196 |
modern browsers. |
4388 |
12 Aug 08 |
nicklas |
197 |
</para> |
4388 |
12 Aug 08 |
nicklas |
198 |
</listitem> |
4388 |
12 Aug 08 |
nicklas |
199 |
</varlistentry> |
6497 |
26 Jun 14 |
nicklas |
200 |
</variablelist> |
6410 |
31 Jan 14 |
nicklas |
201 |
|
6497 |
26 Jun 14 |
nicklas |
202 |
<sect1 id="appendix.web.xml.csp-filter"> |
6497 |
26 Jun 14 |
nicklas |
203 |
<title>Content security policy</title> |
6497 |
26 Jun 14 |
nicklas |
204 |
<para> |
6497 |
26 Jun 14 |
nicklas |
205 |
Support for <emphasis>Content Security Policy</emphasis> was added in BASE 3.3. |
6497 |
26 Jun 14 |
nicklas |
206 |
This is a technology that is used to prevent web browsers from accessing and |
6497 |
26 Jun 14 |
nicklas |
207 |
executing content that is considered unsafe. This includes JavaScript, style sheets, |
6497 |
26 Jun 14 |
nicklas |
208 |
images, browser plug-ins, etc. The policy is implemented by white-listing what is |
6497 |
26 Jun 14 |
nicklas |
209 |
allowed, everything else is blocked. |
6497 |
26 Jun 14 |
nicklas |
210 |
</para> |
6497 |
26 Jun 14 |
nicklas |
211 |
|
6497 |
26 Jun 14 |
nicklas |
212 |
<para> |
6497 |
26 Jun 14 |
nicklas |
213 |
In BASE, we have choosen a relatively restrictive policy which only allow resources |
6497 |
26 Jun 14 |
nicklas |
214 |
to be lodaded from the BASE server. Browser plug-ins are always blocked. This should |
6497 |
26 Jun 14 |
nicklas |
215 |
work well for a standard BASE installation. But some (older) extensions to BASE |
6497 |
26 Jun 14 |
nicklas |
216 |
doesn't adhere to the restrictions implied by the policy and may not work unless it |
6497 |
26 Jun 14 |
nicklas |
217 |
is relaxed a bit. Typically, the problem is that the extensions uses inline javascript |
6497 |
26 Jun 14 |
nicklas |
218 |
code to handle mouse clicks and other events, which is forbidden by the default policy |
6497 |
26 Jun 14 |
nicklas |
219 |
settings. In this case, the policy must be relaxed a bit. Typically, |
6497 |
26 Jun 14 |
nicklas |
220 |
adding <code>script-src 'self' 'unsafe-inline';</code> |
6410 |
31 Jan 14 |
nicklas |
221 |
to the policy setting should take care of most issues. If this is not |
6410 |
31 Jan 14 |
nicklas |
222 |
enough to make the extension work the following link is a good starting point |
6410 |
31 Jan 14 |
nicklas |
223 |
for reading more about this: |
6410 |
31 Jan 14 |
nicklas |
224 |
<ulink url="http://www.html5rocks.com/en/tutorials/security/content-security-policy/"> |
6410 |
31 Jan 14 |
nicklas |
225 |
http://www.html5rocks.com/en/tutorials/security/content-security-policy/</ulink> |
6497 |
26 Jun 14 |
nicklas |
226 |
</para> |
6497 |
26 Jun 14 |
nicklas |
227 |
|
6497 |
26 Jun 14 |
nicklas |
228 |
<variablelist> |
6497 |
26 Jun 14 |
nicklas |
229 |
<varlistentry> |
6497 |
26 Jun 14 |
nicklas |
230 |
<term><sgmltag class="starttag">filter</sgmltag>: csp-filter</term> |
6497 |
26 Jun 14 |
nicklas |
231 |
<listitem> |
6497 |
26 Jun 14 |
nicklas |
232 |
<para> |
6497 |
26 Jun 14 |
nicklas |
233 |
A filter that sets the <emphasis>Content security policy</emphasis> |
6497 |
26 Jun 14 |
nicklas |
234 |
header in all responses from the BASE web server. This filter can be removed |
6497 |
26 Jun 14 |
nicklas |
235 |
to disable content security policy, but use this only as a last resort if |
6497 |
26 Jun 14 |
nicklas |
236 |
nothing else works. |
6497 |
26 Jun 14 |
nicklas |
237 |
</para> |
6497 |
26 Jun 14 |
nicklas |
238 |
|
6497 |
26 Jun 14 |
nicklas |
239 |
<para> |
6497 |
26 Jun 14 |
nicklas |
240 |
The following parameters can be specified for the filter: |
6497 |
26 Jun 14 |
nicklas |
241 |
</para> |
6497 |
26 Jun 14 |
nicklas |
242 |
|
6497 |
26 Jun 14 |
nicklas |
243 |
<itemizedlist> |
6497 |
26 Jun 14 |
nicklas |
244 |
<listitem> |
6497 |
26 Jun 14 |
nicklas |
245 |
<para><varname>policy</varname>: The policy string that is sent in the response. The default value |
6497 |
26 Jun 14 |
nicklas |
246 |
is: <code>default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'none';</code> |
6497 |
26 Jun 14 |
nicklas |
247 |
</para> |
6497 |
26 Jun 14 |
nicklas |
248 |
</listitem> |
6497 |
26 Jun 14 |
nicklas |
249 |
<listitem> |
6497 |
26 Jun 14 |
nicklas |
250 |
<para><varname>report-only</varname>: If set, policy violations are only reported and not blocked</para> |
6497 |
26 Jun 14 |
nicklas |
251 |
</listitem> |
6497 |
26 Jun 14 |
nicklas |
252 |
<listitem> |
6497 |
26 Jun 14 |
nicklas |
253 |
<para><varname>unsafe-resources-policy</varname>: |
6497 |
26 Jun 14 |
nicklas |
254 |
An alternate policy string that is used for extensions that set |
6497 |
26 Jun 14 |
nicklas |
255 |
<code><sgmltag class="starttag">about safe-resources="0"</sgmltag></code> |
6497 |
26 Jun 14 |
nicklas |
256 |
in their definition. The default value is: |
6497 |
26 Jun 14 |
nicklas |
257 |
<code>default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'none'; script-src 'self' 'unsafe-inline';</code> |
6497 |
26 Jun 14 |
nicklas |
258 |
</para> |
6497 |
26 Jun 14 |
nicklas |
259 |
</listitem> |
6497 |
26 Jun 14 |
nicklas |
260 |
</itemizedlist> |
6497 |
26 Jun 14 |
nicklas |
261 |
|
6497 |
26 Jun 14 |
nicklas |
262 |
</listitem> |
6497 |
26 Jun 14 |
nicklas |
263 |
</varlistentry> |
7428 |
23 Nov 17 |
nicklas |
264 |
|
7428 |
23 Nov 17 |
nicklas |
265 |
<varlistentry> |
7428 |
23 Nov 17 |
nicklas |
266 |
<term><sgmltag class="starttag">servlet</sgmltag>: csp-report</term> |
7428 |
23 Nov 17 |
nicklas |
267 |
<listitem> |
7428 |
23 Nov 17 |
nicklas |
268 |
<para> |
7428 |
23 Nov 17 |
nicklas |
269 |
This servlet is for logging violations to the content security policy. It is disabled by |
7428 |
23 Nov 17 |
nicklas |
270 |
default. To enable logging, this servlet must be enabled and the <varname>policy</varname> |
7428 |
23 Nov 17 |
nicklas |
271 |
setting for the <varname>csp-filter</varname> need to be updated with a <code>report-uri</code> |
7428 |
23 Nov 17 |
nicklas |
272 |
statement. For example: <code>report-uri /{context}/csp-report;</code> where <code>{context}</code> |
7428 |
23 Nov 17 |
nicklas |
273 |
is replaced with the path under which your BASE installation is installed. |
7428 |
23 Nov 17 |
nicklas |
274 |
</para> |
7428 |
23 Nov 17 |
nicklas |
275 |
</listitem> |
7428 |
23 Nov 17 |
nicklas |
276 |
</varlistentry> |
7428 |
23 Nov 17 |
nicklas |
277 |
|
6497 |
26 Jun 14 |
nicklas |
278 |
</variablelist> |
6497 |
26 Jun 14 |
nicklas |
279 |
</sect1> |
4388 |
12 Aug 08 |
nicklas |
280 |
|
3334 |
14 May 07 |
nicklas |
281 |
</appendix> |
3334 |
14 May 07 |
nicklas |
282 |
|