Open april opened 2 years ago
Hey! I desperately need your help addressing a findec issue on the 168 string. It seems like the code has exposed the codecKext to the security issues that Tim B. warned about. Trying to get aligned with the CSP3 pol requirements with the M! silicon. What kinds of solutions are you familiar with?
The current code only allows a singular CSP policy, which is technically not correct according to CSP3.
Update the code so that it can handle multiple CSP policies, by combining them together.
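The multiple-policy behaviour this issue asks for, as an added example that is not the project's own code: under CSP3 each policy is enforced independently and a load must pass all of them, so combining policies means intersecting their decisions rather than taking a union of their source lists. Source matching is simplified, and every function name, host and policy string below is constructed for illustration.

```python
from urllib.parse import urlsplit

def parse_policy(serialized):
    """One serialized policy -> {directive: [sources]}; a repeated directive is ignored."""
    policy = {}
    for part in serialized.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() not in policy:
            policy[tokens[0].lower()] = tokens[1:]
    return policy

def parse_policy_list(header_values):
    """Every header value may hold several comma-separated policies."""
    return [parse_policy(p) for v in header_values for p in v.split(",") if p.strip()]

def source_matches(source, url, self_origin):
    """Simplified: 'self', *, scheme- and host-sources only (no ports, paths, nonces, hashes)."""
    target, s = urlsplit(url), source.lower()
    if s == "'self'":
        return f"{target.scheme}://{target.netloc}" == self_origin
    if s == "*":
        return True
    if s.endswith(":"):
        return target.scheme == s[:-1]
    expr = urlsplit(s if "://" in s else "//" + s)
    if expr.scheme and expr.scheme != target.scheme:
        return False
    host = target.hostname or ""
    if expr.netloc.startswith("*."):
        return host.endswith(expr.netloc[1:])
    return host == expr.netloc

def policy_allows(policy, directive, url, self_origin):
    # Fetch directives fall back to default-src; a policy with neither does not govern the load.
    sources = policy.get(directive, policy.get("default-src"))
    if sources is None:
        return True
    return any(source_matches(s, url, self_origin) for s in sources)

def allowed(policies, directive, url, self_origin):
    """The load must pass every policy, so an extra policy can only restrict."""
    return all(policy_allows(p, directive, url, self_origin) for p in policies)

# Constructed sample: two policies delivered for https://site.example
ORIGIN = "https://site.example"
POLICIES = parse_policy_list([
    "default-src 'self'; script-src 'self' https://cdn.example.com",
    "script-src https://cdn.example.com https://other.example.net; script-src *",
])
```

Only the CDN script passes both sample policies; a scanner that merged the two source lists into one would also accept `https://other.example.net` and same-origin scripts, and so report a looser policy than the one a browser enforces.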
MDN2
Hello,
I see that after commit a422b3aee91f34535990ffa7ba3aa5256dfb83da scanner stopped analyzing the CSP in
. Now I get only "none" in all CSPs and page score is incorrect (too high). Previously, was also analyzed (and this is what a browser does). I think it may be related to the fact that all entries from get "keep" == False so they are removed by line:
csp[directive] = [source for source in combined_sources if source['keep'] is True]
For which website? I just tested a few with different CSP configs and they produced the correct result.
Looks like this has been a bug for many years, based on the scan history.
If you want to open up a new issue, with the contents of the CSP header and mention me in it, I’ll be happy to take a look.
Thanks!
On Nov 14, 2022 at 7:11 AM -0600, Antoni Roszak wrote:
https://shop.rockwool.com