-
Very low priority. I got the following error:
Exception message: No sources configured for attribute. Remove attribute, or set "Enabled=false"
at NWebsec.Mvc.HttpHeaders.Csp.Internals.CspDirectiveAtt…
-
Add support for Public Key Pinning. HPKP is currently supported in Chrome and Firefox.
-
Issue added from old project site. http://nwebsec.codeplex.com/workitem/42
-
NWebsec no longer (as of v3) overrides cache headers when request processing terminates early in the pipeline. The problem surfaces for WIF signout requests, as the WIF module sets cache headers that …
-
The W3C page for CSP 2.0 talks about using a nonce to enable in-line styles and scripts. In my personal opinion, this is the biggest hurdle for adoption of CSP by the mainstream. Modernizr STILL does …
-
Content Security Policy prevents toggling the glimpse cookie in glimpse.axd. Everything else seems to be working just fine.
![image](https://f.cloud.github.com/assets/5928621/1530859/e9adb63e-4c56-11…