internetstandards / Internet.nl

Internet standards compliance test suite
https://internet.nl

Add compliant CSP for toolbox.internet.nl #952

Open baknu opened 1 year ago

baknu commented 1 year ago

https://en.internet.nl/site/toolbox.internet.nl/2050984/#control-panel-29

mxsasha commented 1 year ago

Since this domain only does a redirect to the GitHub repo, will a CSP of `form-action 'none'; base-uri 'none'; default-src 'self'; frame-ancestors 'none'` work? That's the minimum our test will accept. Seems like it should be fine, but we don't have a testing setup for this, and would prefer not to break it.

bwbroersma commented 1 year ago

I tested this in browsers; only the end page (that is not redirected) is parsed for CSP. Also see #999, so just add 'basic' 100% CSP.
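
Added example, not part of the thread and not Internet.nl's test code: a small Python check that compares a `Content-Security-Policy` header value with the four-directive policy quoted above, so a redirect-only host can be verified before and after the header is deployed. The function names and sample header values are constructed for illustration, and the comparison is an exact match against the quoted policy rather than a reimplementation of the Internet.nl test.

```python
# Added example: compares a Content-Security-Policy header value with the
# four-directive policy quoted in the thread. Not Internet.nl's test code.

# Baseline copied from the comment in the thread.
BASELINE = "form-action 'none'; base-uri 'none'; default-src 'self'; frame-ancestors 'none'"


def parse_csp(value):
    """Parse one serialized policy into {directive: [values]}.

    Follows the CSP parsing rules: split on ';', directive names are
    case-insensitive, and a repeated directive is ignored (first one wins).
    """
    policy = {}
    for token in value.split(";"):
        parts = token.split()
        if not parts:
            continue  # empty token, e.g. a trailing ';'
        name = parts[0].lower()
        if name in policy:
            continue  # browsers ignore duplicate directives
        policy[name] = parts[1:]
    return policy


def diff_against_baseline(header_value, baseline=BASELINE):
    """Return {directive: problem} for every baseline directive that the
    header lacks or sets to a different source list. Empty dict = match."""
    want = parse_csp(baseline)
    have = parse_csp(header_value)
    problems = {}
    for name, expected in want.items():
        if name not in have:
            problems[name] = "missing"
        elif sorted(v.lower() for v in have[name]) != sorted(expected):
            problems[name] = "got " + " ".join(have[name])
    return problems


if __name__ == "__main__":
    # Constructed sample header values, not captured from toolbox.internet.nl.
    samples = [
        BASELINE,
        "default-src 'self'; frame-ancestors 'none'",
        "default-src *; default-src 'self'; base-uri 'none'; form-action 'none'; frame-ancestors 'none'",
    ]
    for s in samples:
        print(diff_against_baseline(s) or "matches baseline", "<-", s)
```

The third sample shows why duplicate handling matters: the later `default-src 'self'` is ignored, so the effective value is `*`.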