Open dalelane opened 3 years ago
The CSP policy currently used is not correct.
https://github.com/IBM/taxinomitis/blob/3d32953f4f6b630d5aa81617ae9b9c4c5a593bb5/src/lib/restapi/config.ts#L43-L90
This was brought to light after a recent version update of the helmet module. To avoid breakages, the CSP was switched to report-only as a temporary workaround.
https://github.com/IBM/taxinomitis/blob/e665e30bb19615a6ac006b5333b35d6edb3ee840/src/lib/restapi/index.ts#L42-L44
The CSP needs to be fixed so that the enforcement can be re-enabled.
https://github.com/IBM/taxinomitis/blob/e665e30bb19615a6ac006b5333b35d6edb3ee840/src/lib/restapi/config.ts#L52-L54
https://github.com/IBM/taxinomitis/blob/e665e30bb19615a6ac006b5333b35d6edb3ee840/src/lib/restapi/config.ts#L59-L62
Some of the errors that these are hiding are from angular - see https://docs.angularjs.org/api/ng/directive/ngCsp for details
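While the policy runs in report-only mode, the violation reports show which directives have to change before enforcement can be re-enabled. The following is an added example, not code from the taxinomitis repository: it groups reports by directive and blocked source and flags the two cases covered by the ngCsp documentation. It assumes reports arrive in the legacy `report-uri` JSON shape (a `csp-report` object); the function names and sample reports are constructed for illustration.

```javascript
// Constructed sample reports in the legacy report-uri JSON shape (not real data).
const sampleReports = [
  { "csp-report": { "effective-directive": "script-src", "blocked-uri": "eval" } },
  { "csp-report": { "effective-directive": "style-src-elem", "blocked-uri": "inline" } },
  { "csp-report": { "violated-directive": "img-src 'self'", "blocked-uri": "https://cdn.example.test/a/logo.png" } },
  { "csp-report": { "violated-directive": "img-src 'self'", "blocked-uri": "https://cdn.example.test/b/icon.png" } },
  { "not-a-report": true },
];

// Reduce a blocked-uri to a keyword ("eval", "inline"), a scheme ("data:") or a URL origin.
function blockedSource(uri) {
  if (!uri) return "unknown";
  try {
    const u = new URL(uri);
    return u.origin === "null" ? u.protocol : u.origin;
  } catch {
    return String(uri); // not a URL: keyword such as "eval" or "inline"
  }
}

// Hints for the two AngularJS behaviours described in the ngCsp documentation.
function angularHint(directive, source) {
  if (directive.startsWith("script-src") && source === "eval") {
    return "AngularJS expression evaluation: see ng-csp no-unsafe-eval";
  }
  if (directive.startsWith("style-src") && source === "inline") {
    return "AngularJS injected styles: see ng-csp no-inline-style";
  }
  return null;
}

// Group reports by directive and blocked source, most frequent first.
function summariseViolations(reports) {
  const groups = new Map();
  for (const report of reports) {
    const body = report && report["csp-report"];
    if (!body) continue; // ignore malformed submissions
    const raw = body["effective-directive"] || body["violated-directive"] || "unknown";
    const directive = String(raw).trim().split(/\s+/)[0]; // drop any source list
    const source = blockedSource(body["blocked-uri"]);
    const key = `${directive} ${source}`;
    const entry = groups.get(key) || { directive, source, count: 0, hint: angularHint(directive, source) };
    entry.count += 1;
    groups.set(key, entry);
  }
  return [...groups.values()].sort((a, b) => b.count - a.count);
}

console.log(summariseViolations(sampleReports));
```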