From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from srv1.stroeder.com (srv1.stroeder.com [213.240.180.113])
	by mail.toke.dk (Postfix) with ESMTPS id 49C1E7D8E72
	for <galene@lists.galene.org>; Mon,  1 Feb 2021 10:10:22 +0100 (CET)
Authentication-Results: mail.toke.dk;
	dkim=pass (1536-bit key) header.d=stroeder.com header.i=@stroeder.com header.b=bicohgnx
To: galene@lists.galene.org
References: <c76be9d1-01f6-03ab-62cc-efba9760dec3@stroeder.com>
 <2fdb1db7-27f7-c23d-f2ca-11b9c59db125@stroeder.com>
 <87pn1q9mc9.wl-jch@irif.fr> <87o8ha9m7g.wl-jch@irif.fr>
 <b07b046c-4253-8201-df7a-abad48650e9d@stroeder.com>
 <87k0ry9l86.wl-jch@irif.fr>
 <e775e8f6-09c5-51bc-edba-412f6b7e72e0@stroeder.com>
 <61231ca5-474e-d180-391e-8f0b0ddb77d0@stroeder.com>
 <87ft2m9hve.wl-jch@irif.fr>
 <8aea027c-63f9-9600-f084-dd3ebf569ef8@stroeder.com>
 <87pn1k39b2.wl-jch@irif.fr>
From: =?UTF-8?Q?Michael_Str=c3=b6der?= <michael@stroeder.com>
Message-ID: <063519f1-a689-9f22-0a0b-2cc91d7e4785@stroeder.com>
Date: Mon, 1 Feb 2021 10:10:12 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101
 Thunderbird/78.7.0
MIME-Version: 1.0
In-Reply-To: <87pn1k39b2.wl-jch@irif.fr>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: IKCDBYBPWXG6T6UOYEUXVFUOGNBQLJN7
X-Message-ID-Hash: IKCDBYBPWXG6T6UOYEUXVFUOGNBQLJN7
X-MailFrom: michael@stroeder.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; suspicious-header
X-Mailman-Version: 3.3.2
Precedence: list
Subject: [Galene] Re: "This operation is insecure"
List-Id: =?utf-8?q?Gal=C3=A8ne_videoconferencing_server_discussion_list?= <galene.lists.galene.org>
Archived-At: <https://lists.galene.org/galene/063519f1-a689-9f22-0a0b-2cc91d7e4785@stroeder.com/>
List-Archive: <https://lists.galene.org/galene/>
List-Help: <mailto:galene-request@lists.galene.org?subject=help>
List-Post: <mailto:galene@lists.galene.org>
List-Subscribe: <mailto:galene-join@lists.galene.org>
List-Unsubscribe: <mailto:galene-leave@lists.galene.org>

On 2/1/21 1:45 AM, Juliusz Chroboczek wrote:
>> Ok, following your advice I've successfully tested normal video
>> conference with a Safari-on-iPad user and the following complete CSP
>> header:
>
> I'm a little concerned that if you tweak Galène's defaults, your bug
> reports will be somewhat less useful to me than they would be otherwise.

Yes, I understand. Thus I will add a step to my test procedures to
remove customized HTTP headers before reporting something.

Ciao, Michael.