-
the policy
```
object-src 'none'; object-src 'self';
```
right now enforces "'none'". Instead, I think it should append to the list of allowed object sources.
CSP is already eminently unprogrammab…
-
We have some internal use cases for plugins that add tracking script tags to Kibana to be able to add additional `script-src` directives to Kibana's CSP so that these tracking scripts can be safely lo…
-
We are using Angular as the frontend and Node.js as the backend, both served on the same port. Helmet is being used to manage security headers, with a global configuration for most routes, and a speci…
-
It fails with CSP.
See https://github.com/dy/sprae/blob/5a7cfc436d0140b6d15194a40675b46e08342f75/src/directives.js#L415
0-v-0 updated
5 months ago
-
Related issues: #177777, #179061
**Describe the feature:**
Our default Content Security Policy (CSP) and Permissions Policy headers are purposefully restrictive. This means that sometimes we enc…
-
### What feature?
The application currently lacks a Content Security Policy (CSP), which increases the risk of cross-site scripting (XSS) and other injection attacks. Implementing a CSP is essential …
-
- Site: [https://forms-flow-web-dev.aot-technologies.com](https://forms-flow-web-dev.aot-technologies.com)
**New Alerts**
- **CSP: Wildcard Directive** [10055] total: 6:
- [https://forms-flo…
-
# 🐛Bug Report 🐛
## Description
Login stuck in an infinite loop (4.101.2)
## Expected Behavior
I expected to log in.
## Reproduction Steps
Tried to log in in V4 wallet (version V 4.101.2). C…
-
- Site: [https://quickstart-openshift-backends-test-backendPy.apps.silver.devops.gov.bc.ca](https://quickstart-openshift-backends-test-backendPy.apps.silver.devops.gov.bc.ca)
**New Alerts**
- **…
-
Hi,
I want to use CSP with a directive that matches a script path _and_ whatever the current request's host is, instead of having to explicitly list all the possible hosts.
So in your Django setting…