danieleteti / delphimvcframework

DMVCFramework (for short) is a popular and powerful framework for WEB API in Delphi. Supports RESTful and JSON-RPC WEB APIs development.
Apache License 2.0

Middleware for Content Security Policy (CSP) Headers #683

Open fastbike opened 1 year ago

fastbike commented 1 year ago

DMVC already has middleware for CORS and general Security Headers.

There is also a set of standards around Content Security Policy (CSP), designed to help detect and mitigate certain types of attacks, including Cross-Site Scripting (XSS) and data injection attacks. https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP

Is there any plan to develop a middleware plugin? Is anybody interested in collaborating if I was to start work on one?

danieleteti commented 1 year ago

Good point. I was planning to implement it but not in this time-frame. If you have something ready I can support for code-review.

fastbike commented 1 year ago

I'll add it to my todo list. We're using the OWASP ZAP tool - it provides some interesting insights.

fastbike commented 5 days ago

I've got something I can post up here in a few days. We're also looking at CSRF so might do it together.