-
### Describe the problem
Even though `require-trusted-types-for` seems to be present in the list of CSP directives in the configuration, setting it (to `script`, which is its only value) will actua…
-
- Site: [https://owasp.org](https://owasp.org)
**New Alerts**
- **PII Disclosure** [10062] total: 5:
- [https://owasp.org/www-project-zezengorri-code/](https://owasp.org/www-project-zezengor…
-
- Site: [https://alcs-dev-api.apps.silver.devops.gov.bc.ca](https://alcs-dev-api.apps.silver.devops.gov.bc.ca)
**New Alerts**
- **A Server Error response code was returned by the server** [10000…
-
This is my gatsby plugin config:
```
{
resolve: `gatsby-plugin-csp`,
options: {
disableOnDev: true,
reportOnly: false, // Changes header to Content-Security-Pol…
-
- Site: [https://juice-shop.herokuapp.com](https://juice-shop.herokuapp.com)
**New Alerts**
- **Content Security Policy (CSP) Header Not Set** [10038] total: 2:
- [https://juice-shop.herokua…
-
This package works great, but I needed to add a [CSP](https://content-security-policy.com/) to my webpage that runs the editor, and in the CSP I need to list the resources the editor loads as exceptio…
-
`script-src 'sha256-CihokcEcBW4atb_CW_XWsvWwbTjqwQlE9nj9ii5ww5M='` is a valid CSP, per the [hash-source grammar](https://w3c.github.io/webappsec-csp/#grammardef-hash-source). Note the base64url-encode…
-
- Site: [https://rajeshwar.cloud](https://rajeshwar.cloud)
**New Alerts**
- **CSP: Wildcard Directive** [10055] total: 2:
- [https://rajeshwar.cloud/sitemap.xml](https://rajeshwar.cloud/site…
-
- Site: [https://dvna-team-1.canadacentral.cloudapp.azure.com](https://dvna-team-1.canadacentral.cloudapp.azure.com)
- Site: [http://dvna-team-1.canadacentral.cloudapp.azure.com](http://dvna-team-1.…
-
Recommendation fruggr
Configurer les meta données pour exposer une configuration CSP correcte
Plus d'information en anglais :
- https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
- https://…