-
Guus
I'm being asked to add CSP HTTP headers to a BOSH endpoint ... Isn't that pointless, given that the data served through those endpoints isn't HTML?
-
Zash
Guus, doesn't make much sense to me, no.
-
Kev
Could potentially be some security scanner complaining.
-
Guus
Yeah, that's likely it.
-
MattJ
Well, I think at least Prosody and ejabberd do serve HTML in response to GET on the BOSH URL
-
flow
"I do as the security vulnerability scanner guides"
-
pep.
I remember when my company was trying to get ISO27001 when I was still employed.. BS everywhere.
-
pep.
Maybe it wasn't even 27001 but 9001
-
pep.
Same story anyway
-
singpolyma
Better plan: disable BOSH 😉