-
Since MV3 in Firefox disallows executing remotely hosted code as well as inline code, there is not much of a reason for AMO to accept such submissions.
The linter should throw an error for a CSP that…
-
- Site: [https://d309kopm8ags5f.cloudfront.net](https://d309kopm8ags5f.cloudfront.net)
**New Alerts**
- **CSP: script-src unsafe-eval** [10055] total: 4:
- [https://d309kopm8ags5f.cloudfront…
-
Hi guys!
A few days ago an article was published on the portal, and I inserted this hyperlink into its text: https://developer.mozilla.org/es/docs/Web/Security/CSP
I don't know if we could translate the…
-
For our application we have a few HTML documents which are provided by an external API, which we then inject into a shadow dom to render to the user in a modal.
Because these documents contain some…
-
- Site: [https://magik3a.github.io](https://magik3a.github.io)
**New Alerts**
- **CORS Misconfiguration** [40040] total: 2:
- [https://magik3a.github.io/dev.bg](https://magik3a.github.io/dev…
-
I may have a problem with this particular piece of code ...
In my opinion, if there is an asset issue (missing js file), the **Copy to clipboard** may not work as expected (or may not…
-
I have tried to use madmin without success due to adding javascript and css on the fly.
This was my first attempt at getting CSP to work for localhost and production. Works like a charm with impor…
-
Hi, hope everyone is healthy and safe.
I have multiple views which are working with multiple request methods. For some of these views, I'd like to update/replace/exclude the csp only for the reque…
-
Dear Cybele Software,
My name is Daniel Morales, from the IT Security Team of ARHS Spikeseed.
I recently found a functionality in Thinfinity VirtualUI that could allow a malicious actor to pe…
-
When we come to tighten up the CSP, here are [all the potential rules](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy) it can have (see below). Note that some of the…