ZAP Scan on Argo Workflow UI reports CSP: script-src unsafe-inline & CSP: style-src unsafe-inline #12671
ramanNarasimhan77 asked this question in Q&A
-
cc @agilgur5 do you know?
-
Hello,
We have scanned Argo workflow UI using OWASP ZAP.
The CSP reported is:
default-src 'self' 'unsafe-inline'; img-src 'self'
ZAP tool reports this as a security issue.
Could you please provide some context on why this is set in the Argo Workflow UI?
References:
https://content-security-policy.com/unsafe-inline/
feat(ui): Enable CSP, HSTS, X-Frame-Options. Fixes #2760, #1376, #276… · argoproj/argo-workflows@9f86a4e (github.com)
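ZAP names script-src and style-src although the reported policy sets neither, because both directives fall back to default-src. The following is an added example (not part of the thread and not Argo Workflows code) that resolves that fallback for the policy quoted in the question; the function names are illustrative assumptions.

```javascript
// Parse a Content-Security-Policy header value into a Map: directive -> source list.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by browsers; the first occurrence wins.
    if (!policy.has(name)) policy.set(name, tokens.slice(1));
  }
  return policy;
}

// Return the source list that governs `directive`, falling back to default-src.
function effectiveSources(policy, directive) {
  if (policy.has(directive)) return { from: directive, sources: policy.get(directive) };
  if (policy.has('default-src')) return { from: 'default-src', sources: policy.get('default-src') };
  return { from: null, sources: null }; // no policy applies: nothing is restricted
}

// CSP2+ browsers ignore 'unsafe-inline' when a nonce or hash is in the same list.
function allowsInline(sources) {
  if (sources === null) return true;
  const lower = sources.map((s) => s.toLowerCase());
  const hasNonceOrHash = lower.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s));
  return lower.includes("'unsafe-inline'") && !hasNonceOrHash;
}

// img-src is included to show that an explicit directive does not inherit
// anything from default-src.
function auditInline(header) {
  const policy = parseCsp(header);
  return ['script-src', 'style-src', 'img-src'].map((d) => {
    const { from, sources } = effectiveSources(policy, d);
    return { directive: d, inheritedFrom: from, inlineAllowed: allowsInline(sources) };
  });
}

// Policy quoted in the question above.
const reported = "default-src 'self' 'unsafe-inline'; img-src 'self'";
console.table(auditInline(reported));
```

For the reported policy, script-src and style-src both resolve to the default-src list and therefore permit inline content, which matches the two findings in the scan title.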