Overview
Comment: | Documentation updates. No changes to code. |
---|---|
SHA3-256: | 255f9ed52a69a97c74f87ec8b9787183 |
User & Date: | drh 2019-07-29 19:51:14.417 |
Context
2019-07-30
15:35 | Documentation updates. No changes to code. (check-in: c366208c59 user: drh tags: trunk) |
2019-07-29
19:51 | Documentation updates. No changes to code. (Leaf check-in: 255f9ed52a user: drh tags: tcltls) |
2019-07-22
12:49 | Add support for building wapptclsh with TclTLS. (check-in: dd273e0756 user: drh tags: tcltls) |
Changes
Changes to docs/commands.md.
︙ | ︙ | |||
118 119 120 121 122 123 124 | + <a name='csp'></a>**wapp-content-security-policy** _POLICY_ Set the Content Security Policy (hereafter "CSP") to _POLICY_. The default CSP is _default\_src 'self'_, which is very restrictive. The default CSP disallows (a) loading any resources from other origins, (b) the use of eval(), and (c) in-line javascript or CSS of any kind. Set _POLICY_ to "off" to completely disable the CSP mechanism. Or specify some other policy suitable for the needs of the application. | | > > > > > > > > | 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 | + <a name='csp'></a>**wapp-content-security-policy** _POLICY_ Set the Content Security Policy (hereafter "CSP") to _POLICY_. The default CSP is _default\_src 'self'_, which is very restrictive. The default CSP disallows (a) loading any resources from other origins, (b) the use of eval(), and (c) in-line javascript or CSS of any kind. Set _POLICY_ to "off" to completely disable the CSP mechanism. Or specify some other policy suitable for the needs of the application. <p>The following allows inline images using <img src='data:...'> and inline "style='...'" attributes, but restricts all other attack vectors and thus seems to be a good choice for many applications: <blockquote><pre> wapp-content-security-policy { default-src 'self' data:; style-src 'self' 'unsafe-inline'; }</pre><blockquote> + <a name="debug-env"></a>**wapp-debug-env** This routine returns text that describes all of the Wapp parameters. Use it to get a parameter dump for troubleshooting purposes. + **wapp** _TEXT_ Add _TEXT_ to the web page output currently under construction. _TEXT_ |
︙ | ︙ |
Changes to docs/params.md.
︙ | ︙ | |||
124 125 126 127 128 129 130 | clicking on a hyperlink or form on a page that was generated by the same website. Manually typing in a URL does not constitute the "same origin". Hence, in the "env.tcl" example above the "wapp-allow-xorigin-params" interface is used so that you can manually extend the URL to add new query parameters. If query parameters can have side effects, then you should omit the | | | | < | 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 | clicking on a hyperlink or form on a page that was generated by the same website. Manually typing in a URL does not constitute the "same origin". Hence, in the "env.tcl" example above the "wapp-allow-xorigin-params" interface is used so that you can manually extend the URL to add new query parameters. If query parameters can have side effects, then you should omit the wapp-allow-xorigin-params call. The wapp-allow-xorigin-params command is safe for read-only web pages. Do not invoke wapp-allow-xorigin-params on pages where the parameters can be used to change server state. <a name='cgidetail'></a> 3.0 CGI Parameter Details [(Quick reference)](quickref.md#cgiparams) ------------------------- The CGI parameters in Wapp describe the HTTP request that is to be answered and the execution environment. |
︙ | ︙ |
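Review bot: in docs/commands.md, the suggested policy puts `data:` in `default-src`, so it applies to every fetch directive that falls back to `default-src`, script sources included, and not only to images. That does not match the added claim that the policy "restricts all other attack vectors". Since the stated goal is inline images plus inline style attributes, consider scoping the scheme to images: `default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline';`. Two smaller points in the same hunk: the example block ends with `</pre><blockquote>`, which opens a second blockquote instead of closing the first (should be `</blockquote>`), and the literal `<img src='data:...'>` inside the `<p>` will be read as a tag by an HTML renderer unless it is written as `&lt;img ...&gt;`. The surrounding text also spells the default as `default\_src 'self'` while the new example uses `default-src`; the hyphenated form is the CSP directive name, so the two should agree.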
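Review bot: in docs/params.md, the two added sentences ("safe for read-only web pages" and "Do not invoke wapp-allow-xorigin-params on pages where the parameters can be used to change server state") repeat the rule already given in "If query parameters can have side effects, then you should omit the wapp-allow-xorigin-params call", and none of the three says why. The paragraph has just explained that parameters are normally accepted only from a link or form on a page generated by the same website, so one sentence stating that with wapp-allow-xorigin-params a link or form on any other site can supply the parameters would give the reader the reason and let the three statements be merged into one. It would also help to say what "read-only" is meant to cover, since the text leaves the reader to decide whether a page qualifies.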