
Content-Security-Policy

Open aravinda3001 opened this issue 4 years ago • 0 comments

Content-Security-Policy : Wildcard Directive

Changes proposed in the pull request

  • Ensure that the web server, application server, load balancer, etc. are properly configured to set the Content-Security-Policy header.

Impact

The configurations either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined: frame-ancestors, form-action

Other information

Reference:

  • http://www.w3.org/TR/CSP2/
  • http://www.w3.org/TR/CSP/
  • http://caniuse.com/#search=content+security+policy
  • http://content-security-policy.com/
  • https://github.com/shapesecurity/salvation
  • https://developers.google.com/web/fundamentals/security/csp#policy_applies_to_a_wide_variety_of_resources

aravinda3001, Jun 04 '21 12:06