simulator-common, version 2.5, was updated to support a security check. To enable the security check on a simulator:
- Log in as admin.
- Go to administration/configure.seam. This page is included in simulator-common, so it is accessible from any simulator.
- If this is the first time you are enabling the security check, click the button "Set default http headers value". This updates all missing application preferences related to HTTP security headers.
- Update the application preference security-policies: set its value to true.
- Then click the button "Update http header security policies".
- To verify that the security headers are enabled, you can use Firebug:
  - Open the Firebug tool.
  - Enable the "Network" menu.
  - Reload the home page.
  - Click the GET request caught by Firebug.
  - Verify that the headers of the GET response contain the attributes X-WebKit-CSP-Report-Only, x-content-security-policy...
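
The header check from the last step can also be scripted. The following is an added example, not part of simulator-common: it parses a raw response head and reports which of the two headers named above are missing. The sample responses and their policy values are constructed, and the function names are hypothetical.

```python
"""Check an HTTP response head for the security headers named on this page."""
from email.parser import Parser

# Header names taken from the page; HTTP header names are case-insensitive.
EXPECTED = ("X-WebKit-CSP-Report-Only", "X-Content-Security-Policy")

# Constructed sample: security-policies enabled (policy values are made up).
SAMPLE_ENABLED = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "X-WebKit-CSP-Report-Only: default-src 'self'\r\n"
    "x-content-security-policy: default-src 'self'\r\n\r\n"
)
# Constructed sample: security-policies not enabled.
SAMPLE_DISABLED = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"


def parse_head(raw):
    """Split a raw response head into (status line, parsed headers)."""
    status, _, block = raw.replace("\r\n", "\n").partition("\n")
    return status, Parser().parsestr(block, headersonly=True)


def check_security_headers(raw):
    """Map each expected header to its value, or None when it is absent."""
    _, headers = parse_head(raw)
    return {name: headers.get(name) for name in EXPECTED}  # lookup ignores case


def missing_headers(raw):
    """List expected headers that are absent or sent with an empty value."""
    return [n for n, v in check_security_headers(raw).items() if not v]


if __name__ == "__main__":
    import sys
    import urllib.request

    if len(sys.argv) > 1:  # URL of the simulator home page, given by the user
        with urllib.request.urlopen(sys.argv[1]) as resp:
            raw = "HTTP/1.1 %d %s\n%s" % (resp.status, resp.reason, resp.headers)
    else:
        raw = SAMPLE_ENABLED
    missing = missing_headers(raw)
    print("missing: " + ", ".join(missing) if missing else "all expected headers present")
    sys.exit(1 if missing else 0)
```

Run it with the simulator's home page URL as the only argument; without an argument it checks the constructed sample.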