Open ghost opened 7 years ago
Cool! Thanks for pointing this out.
I think we'd just want 'self'
for everything. Is there an easy way to do that for all directives, or must we specify each one?
CC @marmarek
There may be more. Hmm, what is this?! Not so careful grep doesn't reveal anything else.
This CSP can be easily added in github pages as explained here and would add more security to the site by protecting users against XSS attacks.