-
I am using PF 13.0.10 JAR and turned on PrimeFaces.CSP to true in my web.xml file. Below is CSP policy config from web.xml.
It is creating nonce and all my custom JS files has in them when defined i…
-
Content Security Policies tell the browser to restrict where resources, like JavaScript, are loaded from. They are a good defense against cross-site scripting (XSS) attacks.
We should try to move tow…
-
We're using the `csp.extensions.NoncedScript` extension in our Jinja templates and it has been very useful. We would love if there was a similar template tag that we could use for inline styles as wel…
-
**Describe the solution you'd like**
The backend should define tight CSP rules and send them out by default.
For parts of the frontend (iframe to editor communication) it is needed that data-URIs fo…
-
**Describe the solution you'd like**
The @googlemaps/js-api-loader should support CSP TrustedTypes
**Describe alternatives you've considered**
Disabling CSP
**Additional context**
When CSP…
-
The articles about CSP from both [OWASP](https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html) and [web.dev](https://web.dev/articles/strict-csp) recommend that deve…
-
Hi, thanks for making this source code! I was really impressed with how slick it was for doing OCR reads on YouTube content, compared to the existing methods, however I intended to use it for studying…
-
### Issue description
In #2649, we added a small external dependency. @Matt-Spence raised a concern about this in a [comment](https://github.com/cisagov/manage.get.gov/pull/2649#pullrequestreview-22…
-
When I try to create an order with the latest buckaroo version using Magento 2.4.4-p9 I'm unable to make an order or re-order it in the admin panel. Front-end works fine.
A 500 error appears on screen. …
-
Is there a way to set CSP in a similar way to setting CORS, or more generically, is there a way to manually specify a batch of headers to send with each response? Having to actually write a complete N…
Pomax updated
4 months ago