-
Subresource integrity defines a mechanism by which a browser can verify that a fetched resource has been delivered without unexpected manipulation. Metadata inlined into HTML elements allows the brows…
-
```
Charts are not appearing in iframe.
See http://data.jrf.org.uk/data/reason-homeless-ni/
Maps appear to still be working
-------------------------------------------------------------------------…
-
The docker build file downloads Hadoop, Zookeeper, and Accumulo from Apache mirrors. It would be nice to directly download the expected checksums directly from Apache (using https) and verify the fil…
-
https://jsfiddle.net/6yujhzyp/1/
-
Having an issue passing PCI validations right now. Seems there is an issue with my phpbb configuration. Can anyone help solve this for me?
Im on the latest version: 3.2.5
Title
CGI Generic Path…
-
Using webhint.io...
I got:
Response should not include unneeded 'content-security-policy' and 'x-xss-protection' headers.
...for images.
While it does use a few bytes to send these, it is a l…
-
fetch/api/basic/referrer fails every "origin-when-cross-origin" subtest. There's code that is supposed to be handling this referrer policy, but what it does in net/http_loader.rs doesn't match what it…
-
Hi!
Are you aware that your bookmarklet doesn't work with CSP implemented?
Ask if you need some help on that...
-
The CSP post-request check algorithm deliberately relaxes its source path match sub-algorithm when a response is redirected in order to avoid leaking information about redirects via CSP violation repo…
-
As far as I can tell the current text would not prevent or require a dialog for a POST to https://same-origin.example/endpoint to 307/308 redirect to http://elsewhere.example/actual-endpoint.