Closed bararchy closed 2 years ago
Lucky is missing Content-Security-Policy header. Setting this header prevents a wide variety of attacks, including cross-site scripting and other cross-site injections.
Remedy: - Make sure to set this header to Content-Security-Policy: script-src 'self'. Resources: - https://wiki.owasp.org/index.php/OWASP_Secure_Headers_Project#csp
Content-Security-Policy: script-src 'self'
Found here: https://github.com/bararchy/lucky_sec_test/runs/5128943051?check_suite_focus=true#step:11:21
Lucky is missing Content-Security-Policy header. Setting this header prevents a wide variety of attacks, including cross-site scripting and other cross-site injections.
Remedy: - Make sure to set this header to
Content-Security-Policy: script-src 'self'. Resources: - https://wiki.owasp.org/index.php/OWASP_Secure_Headers_Project#cspFound here: https://github.com/bararchy/lucky_sec_test/runs/5128943051?check_suite_focus=true#step:11:21