Hi,
I have V1.30.4 running nicely under Ubuntu 18.04 .
I have recently hardened the apache server to run https along with adding a number of security headers - everything still runs nice and I now get an 'A' when I test the security of the server.
I can get an A+ (highest rating) by tweaking the CSP but in doing so I can no longer log into ZM from my PC.
Here's the relevant line from my apache2.conf
Header always set Content-Security-Policy "default-src https: data: 'unsafe-inline' 'unsafe-eval'"
I've tried dropping https, unsafe-eval and unsafe-inline in any combination and can get an A+ but then ZM login stops working.
Any suggestions about how to get an A+ security or doesn't it matter ?
Regards Tim
Content security policy ?
Re: Content security policy ?
I commented out the line below > Add CSP Headers line 179 in the file
logged in and it seems to be working
Is removing that going to be a problem ?
logged in and it seems to be working
Is removing that going to be a problem ?