-
I suggest we have a CSP requirement that moves folks away from allow-lists to a nonce or hash strict-dynamic policy (CSP3 stuff) which is much easier to deploy and more secure.
-
## Describe the bug
rswag-ui returns duplicate CSP headers when Rails has a CSP configured.
## Steps to Test or Reproduce
Example repo: https://github.com/jboler/rswag-csp
The repo is an API o…
-
The updated CSP Framework will be part of the updated SmartSE Rec V3; link will not be changed
Part H – Credible Simulation Process Framework with detailed process description
https://www.prostep.…
-
Hello All.
This is more of a question and maybe a request.
Is it possible not to have link-initialize.js concat a random number to `link-stylesheet-test-`? By adding a random number it makes CSP thro…
-
This issue is to discuss the exact specifics of the CSP violation sample.
Chrome currently has some oddly specific behaviour which isn't specced.
`eval('alert(1)');` -> `eval|alert(1)` - This di…
-
So far I have tried CMake and Meson to build it.
`cmake -GNinja -B builddir -Denable-python3-bindings=1 -DCSP_HAVE_LIBZMQ=1 -DCSP_USE_RTABLE=1 -DCMAKE_POSITION_INDEPENDENT_CODE=ON && ninja -C builddir`…
-
**Describe the bug**
Baskets in `csp` are not iterable, but should be.
**To Reproduce**
This code will raise an error:
```python
import csp
from csp import ts
@csp.node
def n(v…
```
-
Great input by @kzar - https://github.com/WICG/Realms-Initialization-Control/issues/4#issuecomment-2184944203
Something I wasn't aware of, is how according to the spec of CSP2, multiple CSP headers…
-
Per #897, plotly will not be 100% compatible with a strict Content Security Policy concerning `script-src` (i.e. without `unsafe-eval`).
But it's possible to use it with a strict policy, only some…