-
I'm wondering: Would it be feasible to have this be a part of CSP, rather than a standalone proposal? While I know generally we are hesitant to shove more things into CSP, I actually think there could…
-
It would be nice if there were an option to automatically configure CSP Reporting to Sentry.
https://docs.sentry.io/product/security-policy-reporting/
-
### Sequence of actions:
1. Install https://handlerug.me/csp-example.user.js (has injection mode set to "auto")
2. Go to https://handlerug.me/has-csp (contains ``)
### Problem:
The user …
-
To enhance the security of the platform, I propose implementing a strict [Content Security Policy (CSP)](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP). A well-defined CSP helps mitigate vario…
-
### Problem Statement
I run a site that gets a lot of traffic. Recently, we started sending CSP reports to Sentry, but we had to disable it after a couple weeks because we were getting SO many false …
-
### System Info
System:
OS: macOS 13.3
CPU: (10) arm64 Apple M1 Max
Memory: 1.38 GB / 64.00 GB
Shell: 5.2.15 - /opt/homebrew/bin/bash
Binaries:
Node: 18.15.0 - ~/.volta…
-
• Description: Missing or misconfigured CSP headers and cross-domain configurations could allow unsafe content loading, unauthorized access from untrusted domains, and injection attacks.
• Location an…
-
This issue is automatically created based on existing pull request: magento/magento2#39278: 'Report-To' header is deprecated and no longer recommended
---------
### Description (*)
As reported in th…
-
ResourceTiming currently reports the [request's URL](https://fetch.spec.whatwg.org/#concept-request-url), which is the first URL in the redirect chain (the one that the site initiated).
We could a…
-
When requests on the website are redirected, the domain to which the request is redirected is blocked because it is not included in the connect-src whitelist. However, the CSP report shows the blocked…