-
It would be nice to have some security headers: https://securityheaders.io/?q=https%3A%2F%2Fgethttpsforfree.com%2F
Especially a CSP could be very helpful here, as you can very strictly limit the JS u…
-
There might be an issue with how GitHub markup is rendering SVGs embedded through `````` tag.
CSP headers might be a factor; the SVG does load but it's static and other elements are not animated which w…
-
The following emerged from a Nessus scan of an Opencast installation:
Content Security Policy (CSP) Missing
Website Does Not Implement HSTS Best Practices
Website does not implement X-Content-Typ…
-
### Is your proposal related to a problem?
I would like to be able to set custom HTTP headers when using `npm start`, i.e. `react-scripts start`.
Currently our proxy provides [CSP HTTP Headers](…
-
Hi Nelmio Team,
I wanted to open a discussion with respect to extending the current CSP module to include support for `trusted-types` and `require-trusted-types-for` headers. Although both Symfony …
-
Goose should set the [Content-Security-Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy) header appropriately to mitigate the risk of unauthorised content bein…
-
### Searched for similar issues
- [X] YES, I have searched for similar issues.
### Time of occurrence
Today 9:00 AM
### Device
None
### Other Device
_No response_
### Device Version
_No respo…
-
### Link to the code that reproduces this issue
https://github.com/moloch--/nextjs-broken-csp
### To Reproduce
1. Follow directions at https://nextjs.org/docs/app/building-your-application/configur…
-
**Is your feature request related to a problem? Please describe.**
I would like to improve FormWrapper's security features, which don’t fully protect against common security vulnerabilities. Issues…
-
### Preconditions and environment
- 2.4.7 and 2.4-develop
### Steps to reproduce
* Put csp_whitelist.xml under your frontend theme's etc/ directory. (You can put this in Luma theme too. Jus…