yalelibrary / YUL-DC

Preliminary issue tracking for Yale University Libraries Digital Collections project

SPA implementation - CSP #2875

Open laurenb33 opened 4 days ago

laurenb33 commented 4 days ago

Per Yale's Info Security team, we need to enable a Content Security Policy for DCS. Our extension to do this is until December 2024. The DCS SPA report is in our Team channel. See related tickets #

@K8Sewell has kindly answered the following questions about enabling a CSP for DCS:

What steps would need to be taken to enable a CSP for DCS?

1. Enable CSP settings in config/initializers/content_security_policy.rb
2. Add trusted resources to allowlist to resolve browser alerts
3. Address inline code by doing one of the following:
   - Move all inline code and inline styles to a file.
   - Move the code to a tag and get its hash key.
   - Use a 'nonce' tag attribute and add it to the corresponding tag.
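
The hash and nonce options in the last step, as an added example that is not part of the original comment or the YUL-DC code base. It is plain Ruby rather than the Rails initializer DSL; the helper names (`csp_hash_source`, `csp_nonce`, `build_csp`, `inline_allowed?`), the sample inline script and the allowlisted host are assumptions made for illustration.

```ruby
require "digest"
require "securerandom"

# Hash option: the source expression is the base64 SHA-256 of the exact text
# between the opening and closing tag. Any whitespace change alters the hash.
def csp_hash_source(inline_body)
  "'sha256-#{Digest::SHA256.base64digest(inline_body)}'"
end

# Nonce option: a fresh unpredictable value per response, repeated in the
# header and in the nonce attribute of each trusted inline tag.
def csp_nonce
  SecureRandom.base64(16)
end

# Assemble a header value: same-origin default, plus allowlisted hosts,
# hashes and an optional nonce for scripts.
def build_csp(allowlist: [], script_hashes: [], nonce: nil)
  sources = ["'self'"] + allowlist + script_hashes
  sources << "'nonce-#{nonce}'" if nonce
  "default-src 'self'; script-src #{sources.join(' ')}"
end

# Check whether an inline script would pass script-src under the policy,
# mirroring the browser's hash-or-nonce match (no 'unsafe-inline').
def inline_allowed?(policy, body, nonce_attr: nil)
  sources = policy[/script-src ([^;]*)/, 1].to_s.split
  return true if sources.include?(csp_hash_source(body))
  !nonce_attr.nil? && sources.include?("'nonce-#{nonce_attr}'")
end

# Constructed sample values (not taken from DCS).
SAMPLE_INLINE = "document.body.dataset.ready = 'true';"
SAMPLE_HOST   = "https://cdn.example.org"

if __FILE__ == $PROGRAM_NAME
  nonce  = csp_nonce
  policy = build_csp(allowlist: [SAMPLE_HOST],
                     script_hashes: [csp_hash_source(SAMPLE_INLINE)],
                     nonce: nonce)
  puts "Content-Security-Policy: #{policy}"
  puts "hashed inline allowed:   #{inline_allowed?(policy, SAMPLE_INLINE)}"
  puts "edited inline allowed:   #{inline_allowed?(policy, SAMPLE_INLINE + ' ')}"
  puts "nonce-tagged allowed:    #{inline_allowed?(policy, 'other()', nonce_attr: nonce)}"
end
```

Trying the policy in report-only mode first surfaces the browser alerts mentioned in step 2 without blocking anything.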