mozilla-iam / federated-aws-rp

DEPRECATED. Federated AWS RP is an AWS API Gateway and Lambda OpenID Connect (OIDC) Relying Party (RP) to allow users to log into the AWS Management Console with their federated identity using Single Sign On. This is no longer used by Mozilla SSO/IAM as of September 15th, 2023.
Mozilla Public License 2.0

Add CSP to help mitigate the risk of XSS vulnerabilities being exploitable #10

Open claudijd opened 4 years ago

april commented 4 years ago

You would probably want something like:

default-src 'none'; connect-src 'self'; font-src 'self'; img-src 'self' https://signin.aws.amazon.com; script-src 'self' 'unsafe-eval'; style-src 'self'

That seems to cover all the things the site is doing. :)
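To make the proposed policy concrete, here is an added example (not code from the federated-aws-rp project or from the commenter) that parses that CSP string, evaluates whether specific resource loads would be allowed, and attaches the header to an API Gateway Lambda proxy response. It implements a simplified subset of CSP source matching (host, scheme and wildcard-subdomain sources plus 'self' and 'none'; no path, nonce or hash matching). PAGE_ORIGIN, the with_csp helper and the proxy-response shape are assumptions for the example.

```python
"""Evaluate a Content-Security-Policy string against hypothetical resource loads.
Added example; not the project's own code."""
from typing import Dict, List
from urllib.parse import urlsplit

# The policy proposed in the issue comment above.
PROPOSED_CSP = (
    "default-src 'none'; connect-src 'self'; font-src 'self'; "
    "img-src 'self' https://signin.aws.amazon.com; "
    "script-src 'self' 'unsafe-eval'; style-src 'self'"
)

# Hypothetical origin of the RP's own pages (an assumption for this example).
PAGE_ORIGIN = "https://rp.example.invalid"


def parse_csp(policy: str) -> Dict[str, List[str]]:
    """Split a header value into {directive: [source expressions]}.
    CSP ignores a repeated directive, so the first occurrence wins."""
    directives: Dict[str, List[str]] = {}
    for chunk in policy.split(";"):
        tokens = chunk.split()
        if tokens:
            directives.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
    return directives


def effective_sources(directives: Dict[str, List[str]], directive: str) -> List[str]:
    """Sources governing a fetch directive, falling back to default-src.
    No default-src at all means 'unrestricted', modelled here as ['*']."""
    return directives.get(directive, directives.get("default-src", ["*"]))


def _host_matches(pattern: str, host: str) -> bool:
    if pattern == "*":
        return True
    if pattern.startswith("*."):  # wildcard covers subdomains only, not the bare domain
        return host.endswith(pattern[1:])
    return host == pattern


def source_matches(source: str, url: str, page_origin: str) -> bool:
    """Does one source expression permit loading `url` from a page at `page_origin`?"""
    if source == "*":
        return True
    target = urlsplit(url)
    if source.startswith("'"):  # keyword: only 'self' can match a URL, by exact origin
        page = urlsplit(page_origin)
        return source == "'self'" and (target.scheme, target.netloc) == (page.scheme, page.netloc)
    if source.endswith(":"):  # scheme-source such as https:
        return target.scheme == source[:-1]
    expr = urlsplit(source if "://" in source else "//" + source)
    # Simplification: a scheme-less host source is taken to allow http or https.
    scheme_ok = (target.scheme == expr.scheme) if expr.scheme else target.scheme in ("http", "https")
    port_ok = expr.port is None or target.port == expr.port
    return scheme_ok and port_ok and _host_matches(expr.hostname or "", target.hostname or "")


def allows(policy: str, directive: str, url: str, page_origin: str = PAGE_ORIGIN) -> bool:
    """Would `policy` let a page at `page_origin` load `url` under `directive`?"""
    sources = effective_sources(parse_csp(policy), directive)
    return any(source_matches(s, url, page_origin) for s in sources)


def allows_keyword(policy: str, directive: str, keyword: str) -> bool:
    """Is a keyword such as 'unsafe-inline' or 'unsafe-eval' granted for `directive`?"""
    return keyword in effective_sources(parse_csp(policy), directive)


def with_csp(response: dict, policy: str = PROPOSED_CSP) -> dict:
    """Attach the header to an API Gateway Lambda proxy response dict (shape assumed)."""
    headers = dict(response.get("headers") or {})
    headers["Content-Security-Policy"] = policy
    return {**response, "headers": headers}


if __name__ == "__main__":
    checks = [  # constructed sample loads
        ("img-src", "https://signin.aws.amazon.com/favicon.ico"),
        ("img-src", "https://tracker.example.invalid/pixel.gif"),
        ("script-src", PAGE_ORIGIN + "/app.js"),
        ("script-src", "https://cdn.example.invalid/lib.js"),
        ("frame-src", "https://anything.example.invalid/"),  # unlisted: falls back to default-src 'none'
    ]
    for directive, url in checks:
        verdict = "allow" if allows(PROPOSED_CSP, directive, url) else "block"
        print(f"{directive:11} {url:48} {verdict}")
    print("inline scripts allowed:", allows_keyword(PROPOSED_CSP, "script-src", "'unsafe-inline'"))
    print("eval allowed:", allows_keyword(PROPOSED_CSP, "script-src", "'unsafe-eval'"))
```

The useful observation for reviewing a policy like this one is the fallback behaviour: directives the comment does not mention (frame-src, object-src, media-src and so on) inherit default-src 'none', so anything not explicitly listed is blocked, while 'unsafe-eval' widens script-src only for eval-style execution and does not re-enable inline script, which is the part that matters for XSS.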