Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Establish more accurate CSP headers #1920

Closed
fv3rdugo opened this issue Mar 1, 2023 · 1 comment
Closed

Establish more accurate CSP headers #1920

fv3rdugo opened this issue Mar 1, 2023 · 1 comment
Assignees
@fv3rdugo
Labels
frontEnd security
Milestone
2.2

Comments

@fv3rdugo
Copy link
Member

fv3rdugo commented Mar 1, 2023

Describe the bug
From browser:
Screenshot 2023-03-01 at 13 47 08

The Chatwoot widget it's not load properly.

It's related with this PR: CSP Headers #1859
@fv3rdugo fv3rdugo self-assigned this Mar 1, 2023
@fv3rdugo
Copy link
Member Author

fv3rdugo commented Mar 1, 2023
edited
Loading

It's necessary expecify the server, e.g. frame-src chatwoot.local.acme;
To fix unnecessary quotes in other parameters.
A good tool https://csper.io/evaluator and https://content-security-policy.com/

fv3rdugo added a commit that referenced this issue Mar 3, 2023
@fv3rdugo
fix(frontend): CSP more accurate
9b2cbc0 
Define the directives for our CDNs.
More info about it: https://content-security-policy.com/

Issue #1920
@frankiejol frankiejol changed the title Establish a more accurate CSP headers Establish more accurate CSP headers Mar 10, 2023
frankiejol added a commit that referenced this issue Oct 20, 2023
@frankiejol
wip: single config entry for all security policies
a10e94a 
issue #1920
frankiejol added a commit that referenced this issue Oct 20, 2023
@frankiejol
doc: frontend security policies
408bd86 
issue #1920
@frankiejol frankiejol added this to the 2.2 milestone Oct 20, 2023
frankiejol added a commit that referenced this issue Oct 23, 2023
@frankiejol
wip: config settings for CSP
561fa2f 
issue #1920
frankiejol added a commit that referenced this issue Oct 23, 2023
@frankiejol
wip(frontend): change security settings
00f3e6c 
issue #1920
frankiejol added a commit that referenced this issue Oct 26, 2023
@frankiejol
feat(frontend): set CSP
14a1e15 
issue #1920
frankiejol pushed a commit that referenced this issue Oct 26, 2023
@fv3rdugo @frankiejol
fix(frontend): CSP more accurate
a39d032 
Define the directives for our CDNs.
More info about it: https://content-security-policy.com/

Issue #1920
frankiejol added a commit that referenced this issue Oct 26, 2023
@frankiejol
wip: single config entry for all security policies
09166af 
issue #1920
frankiejol added a commit that referenced this issue Oct 26, 2023
@frankiejol
wip: config settings for CSP
88ca07c 
issue #1920
frankiejol added a commit that referenced this issue Oct 26, 2023
@frankiejol
wip(frontend): change security settings
7054a2b 
issue #1920
frankiejol added a commit that referenced this issue Oct 26, 2023
@frankiejol
feat(frontend): set CSP
4ce9f85 
issue #1920
frankiejol added a commit that referenced this issue Oct 26, 2023
@frankiejol
doc: Widget settings
beb7064 
issue #1920
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@fv3rdugo fv3rdugo

Labels
frontEnd security
Projects
None yet
Milestone
2.2
Development

No branches or pull requests
2 participants
@frankiejol @fv3rdugo