-
- Site: [https://pokemon.hamdan.id](https://pokemon.hamdan.id)
**New Alerts**
- **Content Security Policy (CSP) Header Not Set** [10038] total: 3:
- [https://pokemon.hamdan.id/](https://poke…
-
### Bug description
It is observed that application fails to validate and sanitise user supplied input containing malicious JavaScript which may be executed on browser leading to Stored Cr…
-
Hi, I just started using flask-talisman for enforcing HTTPS on my site, but now I'm eager to take advantage of CSP. A couple of questions about CSP reporting:
Regarding `content_security_policy_rep…
-
When the module is installed on an Xperience by Kentico instance with multiple channels, the middleware might not find the right CSP configurations. This is because the module stores a reference to th…
-
### Q&A (please complete the following information)
- OS: N/A
- Browser: All modern browsers
- Version: Any modern version supporting CSP
- Method of installation: dist assets
- Swagger-UI v…
-
It will allow greater versatility and customisation if the `build_policy` function was made to return the `csp` variable before it is changed into `policy_parts` (https://github.com/mozilla/django-csp…
-
**I'm submitting a ...**
* [x] bug report
* [ ] feature request
* [ ] other
**Current behavior:**
If ngSanitize is added as a module dependency and a Content-Security-Policy is set that …
-
Just a guess: Your code won't parse chrome's csp reports, while FF works.
Because chrome uses application/csp-report as mime type, not application/json - and then Play refuses to parse the body as jso…
-
- Site: [http://localhost:3000](http://localhost:3000)
**New Alerts**
- **CSP: Wildcard Directive** [10055] total: 1:
- [http://localhost:3000/api-docs](http://localhost:3000/api-docs)
- *…
-
### *Feature request*
Add support for Content-Security-Policy-Report-Only. We can use the standard CSP header with 'contentSecurityPolicy' but it would be nice to be able to instead use it in Repor…