Should reject invalid CSP headers

srcclr / security-headers

This is a plugin to https://discourse.org that allows you to grade your websites HTTP security headers and collects data about how the the top 10,000 sites implement them.

MIT License

10 stars 2 forks source link

Should reject invalid CSP headers #23

Closed codelion closed 8 years ago

codelion commented 8 years ago

We need to parse and check if the CSP header set on the site is valid, if it is not valid then we cannot score the individual directives.