-
My interpretation of CSP level 2 was always that child-src applied both to the (at that time) deprecated frame-src context and added web workers. I personally only use one web worker and it is served …
-
### Preconditions and environment
- Magento version
2.4.6-p1
### Steps to reproduce
Enable Google Analytics
View Website from the EU - Inspect and view CSP console errors.
### Expected resul…
-
- Site: [http://pcanizares-vuln-app-4cd76980f733.herokuapp.com](http://pcanizares-vuln-app-4cd76980f733.herokuapp.com)
- Site: [https://pcanizares-vuln-app-4cd76980f733.herokuapp.com](https://pcaniz…
-
I'm wondering how a browser should parse a CSP that's `img-src 'none' https://example.com`. So far I see Chrome and Firefox dropping the `'none'`. Shouldn't they fail closed and not allow any other sou…
-
Hi @neaumusic, thanks again for this extension! 🙌
Just wanted to quickly report a problem that I have seen with certain websites which specify a CSP (Content Security Policy), such as [GitHub avata…
-
It is possible to generate hashes for each inline script and expose them the same way as http2-push-manifest.
See:
- https://developer.mozilla.org/en-US/Add-ons/WebExtensions/manifest.json/content…
-
- Site: [https://owasp.org](https://owasp.org)
**New Alerts**
- **PII Disclosure** [10062] total: 1:
- [https://owasp.org/www-chapter-coimbatore/](https://owasp.org/www-chapter-coimbatore/) …
-
The CSP 2 spec makes clear that when you specify some directive explicitly, e.g. `img-src`, there is no inheritance with the sources in `default-src`. What about allowing composition?
A new _**keyw…
-
The W3C CSP 1.0 specification, which this library implements, is deprecated and no longer supported or recommended. The current CSP specification is [CSP 2.0](https://www.w3.org/TR/CSP2), which is (fo…
ygale updated
6 years ago
-
While extending my deep appreciation to the author, I wanted to ask him to rewrite a line of code, as it is getting blocked by the CSP directives even though we use a nonce. The line is the following…