estuary / ui

A web based UI to assist in working with Estuary Flow
https://dashboard.estuary.dev/

Potential CSP configuration #1196

Closed skord closed 1 month ago

skord commented 1 month ago

Issues

https://github.com/estuary/security/issues/100

Changes

Adds a content security policy header. This time it allows for WASM.

I am uncertain if this will be the configuration that works, but I'm proposing one anyway.

travjenkins commented 1 month ago

I will also try out wasm-unsafe-eval... kinda want to try to keep the scope as small as possible (if we even can)

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src#unsafe_webassembly_execution

Before we only allow wasm, we'd have to research how ajv would respond, as at some point that for sure relied on eval.