-
### WebKittens
@annevk
### Title of the spec
Content Security Policy
### URL to the spec
https://w3c.github.io/webappsec-csp/
### URL to the spec's repository
https://github.com/…
-
It would allow greater versatility and customisation if the `build_policy` function were made to return the `csp` variable before it is changed into `policy_parts` (https://github.com/mozilla/django-csp…
-
Some websites prevent being loaded in iframes by setting the `X-Frame-Options` response header to the `sameorigin` value. For example, if you try to open YouTube or Netflix in an iframe, you get an empty page an…
-
- Site: [http://heitorgouvea.me](http://heitorgouvea.me)
- Site: [https://heitorgouvea.me](https://heitorgouvea.me)
**New Alerts**
- **CORS Misconfiguration** [40040] total: 1:
- [https://…
-
- Site: [https://bank.f5labs.dev](https://bank.f5labs.dev)
**New Alerts**
- **Content Security Policy (CSP) Header Not Set** [10038] total: 3:
- [https://bank.f5labs.dev](https://bank.f5labs…
-
### Bug description
When trying to embed a Superset dashboard, I discovered that, with Talisman enabled, the `/embedded` endpoint produces `X-Frame-Options: SAMEORIGIN` - which does not allow to embed dash…
-
- Site: [https://laughing-train-4p474qj7p94hgjx-3000.app.github.dev](https://laughing-train-4p474qj7p94hgjx-3000.app.github.dev)
**New Alerts**
- **Content Security Policy (CSP) Header Not Set**…
-
fruggr recommendation
Configure the metadata to expose a correct CSP configuration
More information in English:
- https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
- https://…
-
Hi
I’m currently working on a phased plan to implement CSP for BBC online (as we’re currently rolling out HTTPS) and have come across an issue for which I have a suggestion - an amendment to the curr…
-
- Site: [https://alcs-dev.apps.silver.devops.gov.bc.ca](https://alcs-dev.apps.silver.devops.gov.bc.ca)
**New Alerts**
- **CSP: Wildcard Directive** [10055] total: 4:
- [https://alcs-dev.apps…