-
I've run your project locally and in the pages router I get this error:
`Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'report-sample…
-
- Site: [https://hack23.com](https://hack23.com)
**New Alerts**
- **CSP: Wildcard Directive** [10055] total: 1:
- [https://hack23.com/](https://hack23.com/)
- **CSP: style-src unsafe-inlin…
-
Does SSLproxy support ALPN?
```
[~]# curl -k -v https://google.com:443
* Trying 142.251.167.102:443...
* Connected to google.com (142.251.167.102) port 443
* ALPN: curl offers h2,http/1.1
…
-
*Title*: *curl HTTP/1.1 503 Service Unavailable*
*Version*: envoyproxy/envoy:v1.32.1
*Description*:
The internal pod sending a curl request via HTTP is getting a 503 despite healthy upstream …
-
### Preconditions
Apply a strict CSP, not allowing inline event handlers
Magento Version : 2.4.6-p8
ElasticSuite Version : 2.11.9.2
Environment : developer
Third party modules :
…
-
As report by Emanuel Bronshtein,
I suggest to implement the following for *.phpmyadmin.net websites:
\* 'Public-Key-Pins-Report-Only' header, more information:
https://developers.google.c…
-
### Problem Statement
I receive a lot of CSP reports that look impossible. One example (slightly edited for privacy reasons, and yes, this report-only policy is indeed too-open):
```
{
"csp-re…
-
- Site: [https://mtn.com](https://mtn.com)
**New Alerts**
- **Content Security Policy (CSP) Header Not Set** [10038] total: 1:
- [https://mtn.com](https://mtn.com)
- **Sub Resource Integri…
-
### Problem Statement
In this case the Content Security Policy errors eat up most quota but are still important to the developers
In order to reduce the amount of traffic and save some quota I want t…
-
`django-csp` only generates the nonce value (and includes it the header) the first time that `.csp_nonce` is accessed on a request. However, if that's accessed first in a middleware _after_ `django-cs…