MTES-MCT / stop-punaises

Connecting users who report bed bug infestation problems with certified companies.
https://stop-punaises.beta.gouv.fr
MIT License
4 stars 0 forks

[Technical] Improve the CSP #772

Closed hmeneuvrier closed 2 months ago

hmeneuvrier commented 2 months ago

https://observatory.mozilla.org/analyze/stop-punaises.beta.gouv.fr

Content Security Policy (CSP) implemented unsafely.

This includes 'unsafe-inline' or data: inside script-src, overly broad sources such as https: inside object-src or script-src, or not restricting the sources for object-src or script-src.

See what was done on Histologe:
https://github.com/MTES-MCT/histologe/pull/2098
https://github.com/MTES-MCT/histologe/issues/2609
https://github.com/MTES-MCT/histologe/pull/2466
https://github.com/MTES-MCT/histologe/issues/2465

hmeneuvrier commented 2 months ago

TODO