Adding Content-Security-Policy (CSP) to website to protect users against XSS attacks #2756

Open
ghost opened this Issue Apr 18, 2017 · 2 comments


ghost commented Apr 18, 2017

This CSP can be easily added in github pages as explained here and would add more security to the site by protecting users against XSS attacks.

@andrewdavidwong andrewdavidwong added this to the Documentation/website milestone Apr 18, 2017

Member

andrewdavidwong commented Apr 18, 2017

Cool! Thanks for pointing this out.

I think we'd just want 'self' for everything. Is there an easy way to do that for all directives, or must we specify each one?

CC @marmarek

Member

marmarek commented Apr 18, 2017

There may be more. Hmm, what is this?! Not so careful grep doesn't reveal anything else.
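
As an added example (not from this thread or the project's own code), a Python sketch that lists what a policy allowing only 'self', as proposed above, would block on a page: inline scripts and styles, inline event handlers, and resources loaded from other hosts. The names `SelfOnlyAudit` and `audit`, the host `www.example.org` and the sample HTML are assumptions made for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tag -> attribute that loads a resource covered by a CSP fetch directive.
URL_ATTRS = {"script": "src", "img": "src", "iframe": "src", "link": "href",
             "source": "src", "embed": "src", "object": "data"}

class SelfOnlyAudit(HTMLParser):
    """Collect page content that `default-src 'self'` would block."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host    # hypothetical host the site is served from
        self.findings = []            # (line, kind, detail)
        self._inline = None           # open <script>/<style> that has no src

    def handle_starttag(self, tag, attrs):
        line, attrs = self.getpos()[0], dict(attrs)
        for name in attrs:
            if name.startswith("on"):             # onclick=, onload=, ...
                self.findings.append((line, "inline-handler", name))
            elif name == "style":
                self.findings.append((line, "inline-style-attr", tag))
        url = attrs.get(URL_ATTRS.get(tag, ""))
        if url:
            host = urlparse(url).netloc   # simplification: host, not full origin
            if host and host != self.site_host:
                self.findings.append((line, "external-" + tag, host))
        elif tag in ("script", "style"):
            self._inline = tag

    def handle_data(self, data):
        if self._inline and data.strip():
            kind = "inline-" + self._inline
            self.findings.append((self.getpos()[0], kind, data.strip()[:40]))
            self._inline = None                   # report each element once

    def handle_endtag(self, tag):
        self._inline = None

def audit(html, site_host):
    parser = SelfOnlyAudit(site_host)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page, not taken from the project's site.
SAMPLE = """<head><script src="https://cdn.example.net/lib.js"></script>
<style>body { margin: 0 }</style></head>
<body onload="init()"><img src="/img/logo.png"><p style="color: red">hi</p>
<script>init = function () {};</script></body>"""
```

Running `audit()` over each generated page gives the list of items to move into same-origin files before the policy is switched on; `<link>` tags that do not load a resource (for example `rel="canonical"`) can show up as false positives.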
