-
Steps:
1. Scan page: https://shop.rockwool.com
Observation:
- Page scores 120 with most CSP directives listed as "none".
Expectation:
- Page should score 110, as there are more directives in …
-
Not sure if this will complicate things too much, but I want a stricter set of rules for my app's pages on / than the rules for the /admin pages, which in this case is Wagtail. Wagtail requires unsafe-inline…
-
I noticed that there’s a questionable recommendation we give in the Observatory:
> Deny by default, using `default-src 'none'`
You can only use SVG sprites via external files in Firefox with `de…
-
#### Title
Content Security Policy (CSP) Conflict When Using Content Constructor CMS
#### Description
While using the Content Constructor CMS, we encountered a Content Security Policy (CSP) issue…
-
Enhancing the functionality of the iconSprite configuration in the library to accept not only the path to the icon as a string but also the entire SVG content as a string would be highly beneficial.
…
-
### Is your feature request related to a problem? Please describe.
sysContact MIB entry is not exposed to be set via Ansible
### Describe the solution you'd like
For a system onboarding it is…
-
Keycloak has several iframes that are embedded into pages of the relying party; for security reasons, these iframes should only be allowed to be embedded by trusted origins configured by the user. The …
-
### 1. Quick Debug Information
* OS/Version(e.g. RHEL8.6, Ubuntu22.04): RHCOS 38.202306.3.0
* Container Runtime Type/Version(e.g. Containerd, CRI-O, Docker): CRI-O
* K8s Flavor/Version(e.g. K8s, …
-
### Blazorise Version
1.5
### What Blazorise provider are you running on?
Material
### Link to minimal reproduction or a simple code snippet
Run pen-test tool like https://www.zaproxy.org/ on bla…
-
### Describe the bug
Hello and thank you all for making and maintaining Svelte ❤️
This is related to #5215, but that seems to be specifically targeted at the animations API, whereas I am talking…