contao / website

Issue tracker for contao.org

Content Security Policy (https) - Mozilla Observatory #145

Closed Total-Reality closed 2 years ago

Total-Reality commented 2 years ago

I checked the security test tool @ Mozilla Observatory https://observatory.mozilla.org/analyze/contao.org

There is a technical problem with the "Content Security Policy". You can find more information here: https://infosec.mozilla.org/guidelines/web_security#content-security-policy

I tried to put the meta tag in the layout (header), but then CSS/JS files seem to be blocked; I don't understand that exactly.

Total-Reality commented 2 years ago

I think this is not a "contao website" issue only. I tried to get my contao instances safer. The contao website is an example only.

leofeyer commented 2 years ago

CSP is something that you have to configure individually for each website. A general configuration can only contain the bare minimum that we are already shipping:

https://github.com/contao/contao/blob/01b7ad2e8ae6ab8fc407cd2f0b5e9dd3aedba887/manager-bundle/src/Resources/skeleton/config/config.yml#L87-L100

Therefore this is a Contao website issue IMHO.
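The blocked CSS/JS from the first comment and the "configure it per site" answer come down to two CSP rules: a fetch directive that is not set falls back to `default-src`, and a source list allows only what it names (`'self'` is the page's own origin; inline `<style>`/`<script>` blocks need `'unsafe-inline'` or a nonce/hash; a CDN must be listed). The checker below is an added example, not code from this thread or from Contao, and it does not reproduce the linked skeleton config. The hostnames, the two policies and the list of resources a page needs are constructed sample values; nonce and hash matching is deliberately left out.

```python
"""Tiny Content-Security-Policy checker (added example; not Contao project code).

It applies the two rules that explain most "my CSS/JS got blocked" surprises:
  1. a fetch directive that is absent falls back to default-src;
  2. a source list only allows what it names: 'self' means the page's own
     origin, inline code needs 'unsafe-inline' (nonces/hashes not modelled).
All hosts and policies below are constructed sample values.
"""
from urllib.parse import urlparse

# Fetch directives that inherit default-src when they are not set explicitly.
FALLBACK_TO_DEFAULT = {
    "script-src", "style-src", "img-src", "font-src", "connect-src",
    "media-src", "object-src", "frame-src", "child-src", "worker-src",
    "manifest-src",
}
DEFAULT_PORTS = {"http": 80, "https": 443, "ws": 80, "wss": 443}


def parse_csp(policy):
    """Split "a b; c d" into {"a": ["b"], "c": ["d"]}; first occurrence wins."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives


def _host_source_matches(src, page, url):
    """Match a host-source (cdn.example.com, *.example.com,
    https://cdn.example.com/libs/) against the parsed resource URL."""
    scheme, rest = src.split("://", 1) if "://" in src else (None, src)
    host_port, _, path = rest.partition("/")
    host, _, port = host_port.partition(":")
    if scheme:
        if url.scheme != scheme:
            return False
    elif url.scheme not in (page.scheme, "https"):  # scheme-less host inherits the page scheme
        return False
    hostname = url.hostname or ""
    if host.startswith("*."):
        if not hostname.endswith(host[1:]):           # *.example.com excludes example.com itself
            return False
    elif host != hostname:
        return False
    if port not in ("", "*") and int(port) != (url.port or DEFAULT_PORTS.get(url.scheme)):
        return False
    if path:
        path = "/" + path
        return url.path.startswith(path) if path.endswith("/") else url.path == path
    return True


def _source_matches(source, page, url):
    """Does one source expression allow the parsed resource URL?"""
    src = source.lower()
    if src == "'self'":
        return (url.scheme, url.netloc) == (page.scheme, page.netloc)
    if src == "*":
        return url.scheme not in ("data", "blob", "filesystem")
    if src.startswith("'"):      # 'none', 'unsafe-inline', nonces, hashes never match a URL
        return False
    if src.endswith(":"):        # scheme-source such as https:, data:, blob:
        return url.scheme == src[:-1]
    return _host_source_matches(src, page, url)


def is_allowed(policy, page_url, directive, resource):
    """Return (allowed, governing_directive). `resource` is a URL, or the
    string "inline" for an inline <script>/<style> block."""
    directives = parse_csp(policy)
    governing = directive
    if directive not in directives:
        if directive in FALLBACK_TO_DEFAULT and "default-src" in directives:
            governing = "default-src"
        else:
            return True, None    # nothing in the policy restricts it
    sources = directives[governing]
    if resource == "inline":
        return any(s.lower() == "'unsafe-inline'" for s in sources), governing
    page, url = urlparse(page_url), urlparse(resource)
    return any(_source_matches(s, page, url) for s in sources), governing


def blocked_resources(policy, page_url, needs):
    """For [(directive, resource), ...] a page needs, return the ones the
    policy would block as [(directive, resource, governing_directive)]."""
    blocked = []
    for directive, resource in needs:
        ok, governing = is_allowed(policy, page_url, directive, resource)
        if not ok:
            blocked.append((directive, resource, governing))
    return blocked


# Constructed sample: what a typical page loads, and two candidate policies.
PAGE = "https://www.example.com/"
NEEDS = [
    ("style-src", "https://www.example.com/assets/css/layout.css"),
    ("style-src", "inline"),                                  # style="" and <style> blocks
    ("script-src", "https://www.example.com/assets/js/app.js"),
    ("script-src", "https://cdn.example.com/jquery.min.js"),  # third-party CDN
    ("img-src", "data:image/png;base64,iVBORw0KGgo="),
    ("connect-src", "https://api.example.org/search"),
]
POLICY_STRICT = "default-src 'self'"
POLICY_SITE = ("default-src 'self'; script-src 'self' https://cdn.example.com; "
               "style-src 'self' 'unsafe-inline'; img-src 'self' data:")

if __name__ == "__main__":
    for name, policy in (("strict", POLICY_STRICT), ("site", POLICY_SITE)):
        print(f"{name}: {policy}")
        for directive, resource, governing in blocked_resources(policy, PAGE, NEEDS):
            print(f"  BLOCKED {directive} {resource} (by {governing})")
```

Run against the sample page, the strict policy blocks the inline style, the CDN script, the data: image and the API call, all through `default-src`; the per-site policy blocks only the API call, because `connect-src` was never set and so still falls back to `default-src 'self'`. That is the shape of the per-website work the comment above describes: enumerate what the pages actually load, then name each origin in the right directive. Two caveats when the policy is delivered as a `<meta>` tag rather than a response header: browsers ignore `frame-ancestors`, `report-uri` and `sandbox` in a meta policy, and the tag only governs resources loaded after it is parsed, so it belongs before any stylesheet or script in `<head>`.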

stale[bot] commented 2 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.