-
AFAIK this isn't resolved, but we're seeing an issue where the parent page's aggressive policy is preventing the iframe from loading assets. It looks like we might be able to use the [``](https://w3c.…
-
Since the script for mitm is in the HTML itself, our CSP throws an error when configuring script-src to self.
We have implemented a workaround by adding the script hash to the CSP.
The downside of t…
-
https://www.hardenize.com/report/thesslstore.com/1518813280#www_csp
> default-src data: 'unsafe-inline' 'unsafe-eval' *
Could you please mark the whole CSP result always red, if there is a * or ht…
-
I am trying to run an MDAL query for thermostat heat setpoint and cooling setpoint with the Python dataclient.
This is how I call the query:
I am getting this error -- **No UUIDS**
…
-
# Legal & Ethical Concerns
Team Teach On Legal & Ethical Concerns
[https://trevorhuang1.github.io/csp_blog/legal-ethical-concerns-ipynb-2](https://trevorhuang1.github.io/csp_blog/legal-ethical-conce…
-
block-all-mixed-content has been deprecated as detailed here [https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/block-all-mixed-content](https://developer.mozilla.org/e…
-
Upon reviewing this project's "injector" code, it appears it disables numerous security features implemented by Discord to ensure remote code is sufficiently sandboxed from the operating system. As it…
-
### ⚠️ This issue respects the following points: ⚠️
- [X] This is a **bug**, not a question or a configuration/webserver/proxy issue.
- [X] This issue is **not** already reported on [Github](https://…
-
### Describe the bug
Certain components don't work when unsafe-inline is not defined in the CSP, a security incompatibility that should be resolved so shadcn can also be used by development teams und…
-
We saw some issues with `react-pdf` with CSP; we didn't notice those issues until late in the game. Let's make sure we're dev/testing on localhost with CSP.