-
### Issue Summary
The department of health in Hong Kong reported the following issue:
**Content Security Policy (CSP) Header Not Set**
```
Content Security Policy (CSP) is an added layer…
```
-
First off, this is a great app, I use it all the time. Unfortunately, the extension for the browser is not working for me. Is it strictly for Chrome or can Edge use it (as well since they use the sa…
-
### Description
Hi Team,
I would like to add the security header "Permissions-Policy" in Keycloak as part of a vulnerability fix, but I am not finding any way to add it. As Keycloak currently supp…
-
### Attempted Debugging
- [X] I have read the debugging page
### Searched GitHub Issues
- [X] I have searched GitHub for the issue.
### Describe the Scenario
Hi @ssddanbrown,
Our new…
-
Hi,
I tried Grav for a new website.
I am glad to see that you offer an XSS plugin, but why do you not use XSS protection on the client side? There are several HTTP headers which enable security features…
-
Mozilla published a new tool to judge webpage security. They complain about a couple of HTTP headers missing from DokuWiki, see:
https://observatory.mozilla.org/analyze.html?host=www.dokuwiki.org
In …
-
The specification suggests that content-security-policy HTTP headers are added to GET requests.
-
### Is this a possible security vulnerability?
- [X] This is NOT a possible security vulnerability
### Describe the bug
[PolarisApplicationConfig](https://github.com/apache/polaris/blob/cc58730a0c6…
-
I'm not aware of any vulnerability. But as good security hygiene we should set security headers on the HTTP responses returned by all our marketing sites (originprotocol.com; ousd.com; story.xyz).
I …
-
It looks like you are adding headers before calling next() in the middleware. This means that any middleware registered after the security header middleware does not have a chance to preempt the middl…