konklone / oversight.garden

Bringing together the oversight community's work.
https://oversight.garden
Creative Commons Zero v1.0 Universal

Web security improvements #146

Closed divergentdave closed 8 years ago

divergentdave commented 8 years ago

Motivated by Mozilla's HTTP observatory, here are some security improvements for the site. This boosts the grade from a C- to an A+ so far.

This still needs a little more testing, and I have a phantom CSP error to track down. In Firefox, but not Chromium, I get the following message.

Content Security Policy: The page's settings blocked the loading of a resource at self ("default-src https://staging.oversight.garden https://www.google-analytics.com").

The Chosen library seems to be generating CSP errors too; I'll see if those are fixed upstream.

divergentdave commented 8 years ago

This is running into brianblakely/nodep-date-input-polyfill#4 and harvesthq/chosen#2423 on the reports page for now.

divergentdave commented 8 years ago

I added unsafe-inline to the style-src rules, this is a pretty good compromise for now. I'll keep an eye on the above-mentioned issues. We can tighten the style-src policy later after fixing or replacing the libraries in question.

divergentdave commented 8 years ago

FYI: pushed a couple more things and redeployed to https://staging.oversight.garden/

konklone commented 8 years ago

This is super solid.

konklone commented 8 years ago

Also cc-ing @marumari for her enjoyment.

april commented 8 years ago

Awesome! Looks great and fantastic work. Glad you've found the Observatory to be helpful!