-
### Problem Statement
I receive a lot of CSP reports that look impossible. One example (slightly edited for privacy reasons, and yes, this report-only policy is indeed too-open):
```
{
"csp-re…
-
- Site: [https://dev-drr-emcr.apps.silver.devops.gov.bc.ca](https://dev-drr-emcr.apps.silver.devops.gov.bc.ca)
**New Alerts**
- **CSP: Wildcard Directive** [10055] total: 2:
- [https://dev-d…
-
I'm experimenting with something like this:
```js
document.addEventListener( 'securitypolicyviolation', ( e ) =>
{
if( !e.sourceFile.startsWith( location.origin ) )
{
return;
}
…
-
### Summary of the proposal:
Provide a dedicated API for an extension to read and write the Content Security Policy (CSP) of a page. It should work consistently regardless of how the CSP is configure…
-
### Before reporting an issue
- [X] I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.
### Are…
-
Hello,
Does this bundle expose any services for use with a controller action via dependency injection? `debug:autowiring` didn't appear to reveal any.
The purpose for this is I need to provide a…
-
### Describe the bug
I am having the same issue as [here](https://github.com/vitejs/vite/issues/11862), but the [solution ](https://github.com/vitejs/vite/pull/16052) isn't working for me.
I'm usi…
-
**Describe the issue**
A dependency, [cbor-x](https://github.com/kriszyp/cbor-x/), triggers CSP errors due to its requirement for `unsafe-eval`. This is observed in the dependency's code, leading to …
-
Hi, I just started using flask-talisman for enforcing HTTPS on my site, but now I'm eager to take advantage of CSP. A couple of questions about CSP reporting:
Regarding `content_security_policy_rep…
-
### Preconditions and environment
- Magento Open Source 2.4.7
### Steps to reproduce
This file has a dependency on Magento_Csp: https://github.com/magento/magento2/blob/2.4-develop/app/code/Magen…