-
Hi, do you provide a filter (add_filter) so rules including dynamically generated nonce-xxx can be merged into the generated header?
This could be a great feature.
Thanks
-
CSP3 should clearly specify what considerations a document adding a new directive to the CSP header must address. A specific example is how to process multiple policies for a directive that doesn't …
-
## 🍩 Feature Request
**Is your feature request related to a problem? Please describe.**
Applications with a content security policy that does not include "unsafe-inline" prevent SVG Jar's inline…
-
add an image viewer component from
https://fengyuanchen.github.io/viewerjs
link: https://github.com/hedgedoc/hedgedoc/issues/2230
TODO:
- not monit markdown change in editor mode, only load…
-
At GitHub, we set the `default-src` CSP attribute to `none`. This provides the strictest possible CSP as it'll thus only allow CSP directives that the user explicitly has allowlisted.
It would be …
-
As reported by security tools, we need to remove the `unsafe-` directives from the CSP header in order to comply with security policies, as this directive makes the CSP too permissive.
Code Link : https://gi…
-
## Bug description
We've received over 500+ errors over the last 2 hours in Sentry about `Blocked 'connect' from 'eu.i.posthog.com'`
What is this change, and where does it come from? Is `https:/…
-
### Preconditions and environment
- Magento version
2.4.6-p1
### Steps to reproduce
Enable Google Analytics
View Website from the EU - Inspect and view CSP console errors.
### Expected resul…
-
I'm building a single-page app using seed and rollup, and a native wrapper using inline-assets, rust-embed and web-view (all glued together using npm and rust build scripts).
When I serve my sing…
-
The [documentation](https://django-csp.readthedocs.io/en/latest/configuration.html) has a lot of deprecated features.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Poli…