-
The CSP 2 spec makes clear that when you specify some directive explicitly, e.g. `img-src`, there is no inheritance with the sources in `default-src`. What about allowing composition?
A new _**keyw…
-
- Site: [https://sanduba-costumer-function.azurewebsites.net](https://sanduba-costumer-function.azurewebsites.net)
**New Alerts**
- **Content Security Policy (CSP) Header Not Set** [10038] total…
-
I currently have a content security policy set up in my application; however, it is not detected by bullet (I am running v7.0.7 of bullet). In order to investigate I went ahead and put a breakpoint in t…
-
- Site: [https://owasp.org](https://owasp.org)
**New Alerts**
- **PII Disclosure** [10062] total: 3:
- [https://owasp.org/projects/leaders/](https://owasp.org/projects/leaders/)
- [https:…
-
The W3C CSP 1.0 specification, which this library implements, is deprecated and no longer supported or recommended. The current CSP specification is [CSP 2.0](https://www.w3.org/TR/CSP2), which is (fo…
ygale updated
6 years ago
-
- Site: [https://d309kopm8ags5f.cloudfront.net](https://d309kopm8ags5f.cloudfront.net)
**New Alerts**
- **CSP: script-src unsafe-eval** [10055] total: 4:
- [https://d309kopm8ags5f.cloudfront…
-
Hi @neaumusic, thanks again for this extension! 🙌
Just wanted to quickly report a problem that I have seen with certain websites which specify a CSP (Content Security Policy), such as [GitHub avata…
-
One of the features of secure_headers is that it will do a lot to shrink the size of a complicated policy:
* Using child-src/frame-src based on bug from 2 years ago
* Removing protocols
* Dedupin…
-
I think it would be nice if I could look for the individual directive and see which browser they apply to. I.e. I could search for new Level 3 individual directive like `script-src-elem`.
Thank Yo…
-
- Site: [https://vcptcore-dev.govirto.com](https://vcptcore-dev.govirto.com)
**New Alerts**
- **CSP: Wildcard Directive** [10055] total: 2:
- [https://vcptcore-dev.govirto.com](https://vcptc…