-
As we know,
we can use ContextSearch-web-ext to execute bookmarklets,
but on some websites with `Content Security Policy` enabled,
the bookmarklets don't work properly.
Is there an option like …
-
We are using Angular as the frontend and Node.js as the backend, both served on the same port. Helmet is being used to manage security headers, with a global configuration for most routes, and a speci…
-
@mrivasperez Thanks for building this amazing lightweight browser. I am using this for a different use case of building a super app for AI users. AI users can visit only AI platforms like chatgpt, cla…
-
## Description
CSP can be found to be preventing some pages from loading. Ones I've found so far are outlook.live.com and even your own bug report pages on Brave Community site.
I would say thi…
-
When attempting to use the SDK in a context which has Content Security Policy directive: "script-src 'self'" set, I receive the following error:
```
td-sdk.min.js:1 Uncaught EvalError: Refused to …
-
This should be mostly an `nginx`-centric change. A few missing headers were detected in the responses returned by the API, namely:
- `strict-transport-security`
- `content-security-policy`
- `permis…
-
### Error Message and Logs
Refused to load the image '' because it violates the following Content Security Policy directive: "img-src 'self' https: data".
Refused to load the stylesheet 'http://fide…
-
### Is there an existing issue for this?
- [X] I have searched the existing issues
### Community Note
* Please vote on this issue by adding a :thumbsup: [reaction](https://blog.github.com/2016-…
-
### Describe the bug:
Hi,
We are using ZAP automated scan in our CI pipeline for several services/endpoints. On one of these endpoints the following alert is raised:
Insufficient Site Isolation Aga…
-
Content Security Policies tell the browser to restrict where resources, like JavaScript, are loaded from. They are a good defense against cross-site scripting (XSS) attacks.
We should try to move tow…