minimal examples: update for CSP best practices 1) update the logos to svg 2) add svg icon for strict security policy where used 3) define new vhost option flag to enforce sending CSP headers with the result code 4) add vhost option flag to minimal examples to enforce sending CSP where applicable 5) Go through all the affecting examples confirming they still work 6) add LWS_RECOMMENDED_MIN_HEADER_SPACE constant (currently 2048) to clarify when we need a buffer to hold headers... with CSP the headers have become potentially a lot larger.

commit: d9f982a055f24651d9a2249b38feb74e5e6032e9 [log] [tgz]
author: Andy Green <andy@warmcat.com> Mon Nov 19 07:40:47 2018 +0800
committer: Andy Green <andy@warmcat.com> Wed Nov 21 17:03:29 2018 +0800
tree: 39fc43aac5f2275a3e840f1f560a890e7de66a8f
parent: ac032544bf2c09ba8935128b8cbd6a669a1b91df [diff] [blame]
diff --git a/changelog b/changelog
index e3ce5f2..42b8fd2 100644
--- a/changelog
+++ b/changelog

@@ -12,6 +12,11 @@
  - CHANGE: CMAKE:
      - LWS_WITH_HTTP2:         now defaults ON
 
+ - CHANGE: Minimal examples updated to use Content Security Policy best
+   practices, using
+   `LWS_SERVER_OPTION_HTTP_HEADERS_SECURITY_BEST_PRACTICES_ENFORCE` vhost
+   option flag and disabling of inline style and scripts.
+
  - NEW: CMAKE
      - LWS_FOR_GITOHASHI: sets various cmake options suitable for gitohashi
      - LWS_WITH_ASAN: for Linux, enable build with ASAN
commit	d9f982a055f24651d9a2249b38feb74e5e6032e9	[log] [tgz]
author	Andy Green <andy@warmcat.com>	Mon Nov 19 07:40:47 2018 +0800
committer	Andy Green <andy@warmcat.com>	Wed Nov 21 17:03:29 2018 +0800
tree	39fc43aac5f2275a3e840f1f560a890e7de66a8f
parent	ac032544bf2c09ba8935128b8cbd6a669a1b91df [diff] [blame]