kindspells astro-shield issues

kindspells / astro-shield

Astro integration to enhance your website's security with SubResource Integrity hashes, Content-Security-Policy headers, and other techniques.

https://astro-shield.kindspells.dev

MIT License

38 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Allow List Not Working

#86 elevationathletics opened 3 weeks ago
0
generateSRIHashesModule function generates invalid strings on windows

#84 felixcicatt opened 2 months ago
0
Documentation on using CSP for statically generated sites

#83 SeanPollock opened 2 months ago
1
Relative protocol notation not supported

#82 cedmax opened 2 months ago
0
Compatibility with @playform/compress

#81 thwonghin opened 3 months ago
0
Unable to obtain SRI hash for local resource

#80 mvantschip opened 4 months ago
0
fix: csp headers generation

#79 castarco closed 4 months ago
3
chore: upgrade deps

#78 castarco closed 4 months ago
2
simplify CSP directive generation

#76 danielszuk closed 4 months ago
4
chore: upgrade pnpm

#75 castarco closed 4 months ago
0
docs: add missing license headers

#74 castarco closed 4 months ago
0
security: limit postinstall scripts

#73 castarco closed 4 months ago
0
ci: add OSSAR static analysis workflow

#72 castarco closed 5 months ago
2
Fix code scanning alert - Polynomial regular expression used on uncontrolled data

#71 castarco closed 5 months ago
1
Fix code scanning alert - Polynomial regular expression used on uncontrolled data

#70 castarco closed 5 months ago
1
Fix code scanning alert - Bad HTML filtering regexp

#69 castarco closed 5 months ago
1
fix: capture a wider range of malicious input

#68 castarco closed 5 months ago
1
Add option in SSG for outputting SRI hashes as JSON

#67 Bwc9876 opened 5 months ago
2
Support CSP headers generation for static content on AWS via SST/Ion

#66 castarco opened 5 months ago
0
Support CSP headers generation for static content on Netlify

#65 castarco opened 5 months ago
0
Support CSP headers generation for static content on Vercel

#64 castarco opened 5 months ago
0
Support CSP headers generation for static content on Cloudflare

#63 castarco opened 5 months ago
0
chore: optimise docs site local build

#62 castarco closed 5 months ago
0
docs: enable sri in docs site

#61 castarco closed 5 months ago
0
fix: vite warning

#60 castarco closed 5 months ago
1
fix: do not trust integrity attribute when undeserved

#59 castarco closed 5 months ago
1
fix: ensure that allowed scripts are in hashes module

#58 castarco closed 5 months ago
0
document corner case where cross-origin resources are statically imported instead of just included

#57 castarco opened 5 months ago
0
allow-listed resources are not always added to the "hashes module"

#56 castarco closed 5 months ago
0
avoid setting `crossorigin="anonymous"` twice

#55 castarco opened 5 months ago
0
Add 'self' to CSP script-src directive only when strictly necessary

#54 castarco opened 5 months ago
0
docs: create starlight docs site

#53 castarco closed 5 months ago
1
Allow deleting script/style/link elements when they cannot be marked with the `integrity` attribute

#52 castarco closed 5 months ago
1
Implement `sriHashesStrategy` for `CSPOptions`

#51 castarco opened 5 months ago
0
Setup monorepo

#50 castarco closed 5 months ago
3
refactor: create pnpm workspace

#49 castarco closed 5 months ago
1
docs: fix spacing problems in README

#48 castarco closed 5 months ago
0
docs: create a documentation site

#47 castarco closed 5 months ago
1
refactor: port to TypeScript

#46 castarco opened 5 months ago
0
security: fix for major vulnerabilities

#45 castarco closed 5 months ago
3
docs: fix info box

#44 castarco closed 5 months ago
0
feat: support for CSP headers on SSR mode

#43 castarco closed 5 months ago
1
test: minor test improvements

#42 castarco closed 5 months ago
1
docs: gh sponsors

#41 castarco closed 5 months ago
0
feat: create provisional hashes module

#40 castarco closed 5 months ago
3
chore: minor corrections

#39 castarco closed 5 months ago
1
feat: allow optional CSP headers injection for dynamic pages

#38 castarco closed 5 months ago
1
devex: avoid the need for building twice when the only static resources are the ones from /public/

#37 castarco closed 5 months ago
0
feat: optional mitigation for frontend prototype pollution

#36 castarco opened 5 months ago
0
fix: show warn msg when manual workaround needed

#35 castarco closed 5 months ago
1