-
- Site: [https://dev.healthprovideridentityportal.gov.bc.ca](https://dev.healthprovideridentityportal.gov.bc.ca)
**New Alerts**
- **Cloud Metadata Potentially Exposed** [90034] total: 1:
- […
-
- Site: [https://apidev.lakkanan.shop](https://apidev.lakkanan.shop)
**New Alerts**
- **Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s)** [10037] total: 1:
- [https…
-
Will you be adding support for the more granular script src directives `script-src-attr`, `script-src-elem`, `style-src-attr`, `style-src-elem`?
ooOsH updated
4 years ago
-
[This spec](https://w3c.github.io/webappsec-csp/#iana-registry) references an IANA registry for CSP directives, but it just links to [RFC7762](https://tools.ietf.org/html/rfc7762), which has not been …
-
## Description
Several different CSP directives can cause different kinds of breakages in the Brave adblocker's element picker UI.
- Blocking scripts via an explicit or implicit `script-src: …
-
## Bug description
We've received over 500+ errors over the last 2 hours in Sentry about `Blocked 'connect' from 'eu.i.posthog.com'`
What is this change, and where does it come from? Is `https:/…
-
### Describe the problem
SvelteKit doesn't really work with `strict-dynamic` CSP, at least not when using hashes. There seem to be some non-intuitive requirements (you have to use `modulepreload`?), …
-
Given the following policies
`CSP: script-src 'none'; style-src '*'; default-src 'none'`
`CSP: script-src '*'; style-src 'none'; default-src 'none'`
The current algorithm would allow prefetches.
…
-
Starting in 4.0.5 there is more Cookie Samesite support. We need to fine tune these settings and potentially remove any previous efforts at CSRF if it's conflicting with the built-in CI4 implementati…
-
The current description text for the result "csp-implemented-with-unsafe-inline" is quite impossible to understand (unless you already know what it wants to tell you), as it uses quotation randomly :)
…
ghost updated
7 years ago