Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Strict Content Security Policy #164

Open
dillonstreator opened this issue Jan 15, 2025 · 1 comment
Open

Strict Content Security Policy #164

dillonstreator opened this issue Jan 15, 2025 · 1 comment
Labels
bug Something isn't working

Comments

@dillonstreator
Copy link

To enhance the security of the platform, I propose implementing a strict Content Security Policy (CSP). A well-defined CSP helps mitigate various types of attacks, such as cross-site scripting (XSS) and data injection attacks, by restricting the sources from which resources can be loaded.

Request:

  • Define a CSP that includes strict rules for resource sources.
  • Minimize unsafe-inline and unsafe-eval directives, as these can weaken CSP’s effectiveness.
  • Specify trusted domains for loading scripts, styles, images, and other resources.
  • Implement a reporting mechanism to log any policy violations.

Thank you for considering this request to improve the platform’s security posture. Let me know if I can provide additional details. Csper has a free tool for helping to generate the CSP.
@cupcakearmy
Copy link
Owner

Thanks again!

@cupcakearmy cupcakearmy added the bug Something isn't working label Jan 15, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@cupcakearmy @dillonstreator