Update security check on simulators

simulator-common, version 2.5, was updated to support security check. To enable the security check on simulators you have to :

  • login as admin
  • go to : administration/configure.seam. This page is included on simulator-common, so accessible by any simulator
  • if it is the first time you are enabling the security check,
    • you have to click on the button : Set default http headers value. This will update all missing application preferences related to http security headers.
    • update the application preference: security-policies,  set its value to true
    • you have then to click on the button : Update http header security policies
  • to verify that the security headers are enabled, you can use firebug :
    • open firebug tool
    • enable "network" menu
    • reupload the home page
    • click on the GET request catched by firebug
    • verify that the header of the GET response contains attributes : X-WebKit-CSP-Report-Only,